While minority professionals make up a significant portion of the cybersecurity workforce, a recent study found they are still underrepresented across senior roles within their organization which could be hurting their bottom line.
One of the proposed methods to address these unique challenges while also increasing the performance of the general cybersecurity workforce as a whole is to provide more mentorship opportunities, (ISC)2 researchers said in the Innovation Through Inclusion: The Multicultural Cybersecurity Workforce report
The lack of people of color in leadership positions alone could be hurting companies bottom line as companies ranking in the top quartile of executive-board diversity, saw 53 percent higher returns on Equity, on average, than those of companies in the bottom quartile, the study said citing McKinsey & Company.
In addition, Earnings Before Tax and Interest margins at the most diverse companies were 14 percent higher, on average, than those of the least diverse companies.
Organizations with racially and ethnically diverse leadership teams benefit both company culture and bottom line revenues, while also adding to the overall confidence of an organization's security posture.
The study found that racial and ethnic minorities,
those who do not self-identify as White or Caucasian, made up 26 of the U.S. cybersecurity workforce, which is slightly higher than the overall U.S. minority workforce at 21 percent and roughly in line with minorities as a whole who accounting for 28 percent of the general U.S. population.
Despite the representation in the work force, the study found that while 30 percent of U.S. workers across all sectors report being in a leadership role of director level or above, only 23 percent or people of color were in leadership roles while 30 percent of Whites reported being in leadership positions.
People of color in the industry who had advanced into leadership roles often held higher degrees of academic education than their Caucasian peers who occupy similar positions with 62 percent of people of color in leadership positions having obtained a master's degree or higher, compared to 50 percent of professionals who identified as White or Caucasian who were also in leadership roles.
And while academic degrees do not necessarily imply a more advanced level of skill, it has typically been considered a hiring prerequisite for most employers, the study said.
Of those who identified as minorities in the cybersecurity workforce, 17 percent were female proportionally exceeding the overall female representation of the country by a margin of 3 percent.
Across all ethnicities and races women reported experiencing greater rates of discrimination in the workplace than men, with women who identify as Black, Hispanic, Asian or of Native American descent, reporting the highest numbers of discrimination.
The study also found salary discrepancies, althou average industry earnings much higher than the national average at $122,000 USD per year, Caucasian males earn on average $3,000 more than none Caucasian males, while women of color earn nearly $10,000 USD less than the industry average at $115,000 USD.
“Minority underrepresentation in leadership roles, coupled with lower average compensation and fewer reported instances of salary increases, seem to create a trifecta of obstacles for minorities pursuing a career in cybersecurity,” researchers said in the report. “Beyond lower salaries and fewer holding leadership roles, minorities in cybersecurity are disproportionately affected by other, less tangible barriers to entry and advancement.”
The study said employers should be encouraging the growth and development of a skilled cybersecurity organization by looking at its own ranks and that professionals across multiple groups are more likely to place value on mentorship and training programs that support professional development and career advancement.
Millennials, women and racial and ethnic minorities all placed value in mentorship and researchers said it could help address discrepancies while improving the work environment for everyone as a whole.
In doing this, employers can not only advance, embolden and elevate individuals, but support and stimulate progress and growth within the cybersecurity workforce to address the unique challenges faced by diverse groups, the study said.