While minority professionals make up a significant portion of the cyber-security workforce, a recent study in the US found they are still underrepresented across senior roles within their organisations which could be hurting their bottom line.
One of the proposed methods to address these unique challenges while also increasing the performance of the general cyber-security workforce as a whole is to provide more mentorship opportunities, (ISC)2 researchers said in the Innovation Through Inclusion: The Multicultural Cyber-security Workforce report.
The lack of people of colour in leadership positions alone could be hurting companies bottom line as companies ranking in the top quartile of executive-board diversity, saw 53 percent higher returns on Equity, on average, than those of companies in the bottom quartile, the study said citing McKinsey & Company.
In addition, Earnings Before Tax and Interest margins at the most diverse companies were 14 percent higher, on average, than those of the least diverse companies.
Organisations with racially and ethnically diverse leadership teams benefit both company culture and bottom line revenues, while also adding to the overall confidence of an organisation's security posture.
The study found that racial and ethnic minorities, those who do not self-identify as White or Caucasian, made up 26 percent of the US cyber-security workforce, which is slightly higher than the overall US minority workforce at 21 percent and roughly in line with minorities as a whole who account for 28 percent of the general US population.
Despite the representation in the work force, the study found that while 30 percent of US workers across all sectors report being in a leadership role of director level or above, only 23 percent or people of colour were in leadership roles while 30 percent of Whites reported being in leadership positions.
People of colour in the industry who had advanced into leadership roles often held higher degrees of academic education than their Caucasian peers who occupy similar positions with 62 percent of people of colour in leadership positions having obtained a master's degree or higher, compared to 50 percent of professionals who identified as White or Caucasian who were also in leadership roles.
And while academic degrees do not necessarily imply a more advanced level of skill, it has typically been considered a hiring prerequisite for most employers, the study said.
Of those who identified as minorities in the cyber-security workforce, 17 percent were female proportionally exceeding the overall female representation of the country by a margin of three percent.
Across all ethnicities and races women reported experiencing greater rates of discrimination in the workplace than men, with women who identify as Black, Hispanic, Asian or of Native American descent, reporting the highest numbers of discrimination.
The study also found salary discrepancies, although average industry earnings much higher than the national average at US$ 122,000 (£87,355) per year, Caucasian males earn on average US$ 3,000 (£2,148) more than none Caucasian males, while women of color earn nearly US$ 10,000 (£7,160) less than the industry average at US$ 115,000 (£82,343).
“Minority underrepresentation in leadership roles, coupled with lower average compensation and fewer reported instances of salary increases, seem to create a trifecta of obstacles for minorities pursuing a career in cyber-security,” researchers said in the report. “Beyond lower salaries and fewer holding leadership roles, minorities in cyber-security are disproportionately affected by other, less tangible barriers to entry and advancement.”
The study said employers should be encouraging the growth and development of a skilled cyber-security organisation by looking at its own ranks and that professionals across multiple groups are more likely to place value on mentorship and training programs that support professional development and career advancement.
Millennials, women and racial and ethnic minorities all placed value in mentorship and researchers said it could help address discrepancies while improving the work environment for everyone as a whole.
In doing this, employers can not only advance, embolden and elevate individuals, but support and stimulate progress and growth within the cyber-security workforce to address the unique challenges faced by diverse groups, the study said.