Carrier Management
Run Time: 56:31

EP. 31: More Than a Conversation: Cyber, Insurance Pros Say Building Diversity Means Taking Action

1 Star2 Stars (+4 rating, 2 votes)

Embed Video

Use the below code to add this video to your website.

The cybersecurity and insurance industries have been talking about prioritizing diversity, equity and inclusion for a while, but Larry Whiteside, co-founder and president of Cyversity, says conversations aren’t enough.

“I will never forget the first time that I sat on a panel speaking about the need for diversity in cybersecurity,” he says on the most recent episode of The Insuring Cyber Podcast. “Well, that was over 10 years ago. And here we are, and the numbers have gotten better, but they're nowhere near where they should be.”

Cyversity is an organization seeking to achieve consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to mentor and educate. In collaboration with (ISC)², an international nonprofit membership organization, and the Center for Cyber Safety and Education, a recent report found that minority representation within the cybersecurity profession is slightly higher than the overall U.S. minority workforce. But professionals of color still only represent about a quarter of the U.S. cybersecurity workforce and tend to be placed primarily in non-leadership roles, despite being highly educated.

The numbers are even lower for Black professionals in the U.S. cybersecurity workforce specifically, with only 9% of workers surveyed for ISC’s report self-identifying as African American or Black.

(ISC)² published the report - Innovation Through Inclusion: The Multicultural Cybersecurity Workforce – based on survey responses from 9,500 U.S. cybersecurity professionals. 

“If action had really been taken over 10 years ago when we began talking about this problem, then today, I would see far more Black cybersecurity executives than I do today,” Whiteside says. “But I can tell you, I know almost every Black cybersecurity executive that exists in the field today. And that's shameful. Because it's not like it's hundreds of them. It's not even like it's more than a couple of dozen.”

Whiteside says beyond conversations, individuals need to take action within their organizations to create changes in the workforce.

“What actions are you taking inside the organization where you have influence?” he says. “If you have not gone to your HR to try and change your hiring practices, even if you don't change them holistically for the whole company, if you are not trying to do something specific in your cybersecurity team to be better, then … just raising your hand and saying, ‘Yes, I agree,’ is not enough. Just getting on stage and having a panel about it and saying, ‘Yes, we need more,’ is no longer enough. We've been doing that for years.”

He adds that allies are important if change is going to happen within the workforce. He points to CEOS having conversations with HR about transforming hiring practices and organizations creating meaningful DEI programs as two ways that the cybersecurity industry can begin prioritizing diversity and inclusion as it seeks to attract new talent.

“If you think about anything, whether it be the march in Selma with Dr. King, whether it be the Women's Rights Movement, pick something. Any aspect of wrong that's happened to a particular sect of society, the impacted members of that sect can't be the only ones standing up and saying something needs to be done,” he says. “It can't just be women. It can't just be people from underserved communities and underserved demographics. It's got to be the industry holistically - which means our white male counterparts who make up the largest percentage of our industry have got to lean in with us to literally say, ‘This is a problem.’”

Once diverse talent is brought into an organization, the work doesn’t stop, either, Whiteside says.

“Organizations have to start figuring out ways to make these diverse employees, these diverse ethnicities and women that they bring into their organization [safe]. They've got to create safe spaces for them to keep them,” he says. “As a woman or as a Black woman or as a person of color, when you go into organizations, if you don't have a safe space that you feel you can go to, you're not going to stay there.”

In addition to cybersecurity, another industry with a need for greater diversity within its workforce is cyber insurance. The National African American Insurance Association (NAAIA) is seeking to meet this need through its efforts to empower African American insurance professionals and celebrate their accomplishments, as well as attract diverse talent to the industry.

“I think that this work has been so powerful and so well received because we are not creating the need,” says NAAIA Executive Director Margaret Redd later in this podcast episode. “The need is there.”

She says one of the biggest challenges African Americans face within cyber insurance is feeling included in an industry made up of predominantly white professionals.  

“When you think about African American professionals in this industry, one of the issues that we face, many of us across our careers, is this issue of being included, this issue of feeling like we belong, whether it's in our company or within the industry,” she says.

One element that is essential to resolving this issue, Redd says, is growing the number of African American professionals in the industry by attracting new talent.

“I think some of the biggest barriers to entry - one is awareness,” says George Woods, head of US Property and Casualty Broker Sales Management at Swiss Re and vice chair of the board at NAAIA, in this podcast episode. “I don't think that a lot of African Americans in the insurance Industry are truly aware of the opportunities in this space to actually have a career.”

Redd agrees that addressing the industry’s lack of exposure is the place to start when prioritizing diversity and inclusion.

“A lot of African Americans find themselves not having someone in the family that's in the industry, not having those kitchen table discussions, not growing up being at the knee of someone who's well versed and educated and aware in terms of the opportunities within the industry,” she says. “What you don’t know, you just don't know.”

She adds that another contributing factor to the industry’s lack of diverse representation is built-in bias within the hiring process.

“People tend to hire people that they feel comfortable with. And if that's the case, then you're going to generally be hiring folks that, most often, look like yourself,” she says. “Because there are not so many African Americans in those hiring positions, in the hiring management positions, we aren’t seeing the level of hiring from the Black community as we are from the white community.”

Beyond recruiting talent, however, Woods says it’s important that insurers are working to promote diversity within every level of a company, particularly in senior roles.

“I mean, it's one thing to recruit talent into an organization, but how do you make sure that you do a better job of training? And once you train, what are you doing to retain? And once you retain, what are you doing to promote that particular individual?” he says. “Because at the end of the day, when you start to look at the statistics and look at the numbers, and just look at the leaders of various organizations in the industry, you don't necessarily see people of color at the higher levels.”

Whiteside says all of this points to the fact that the cybersecurity industry as a whole needs to work together to move beyond words and take meaningful action.

“It's going to take the industry to openly acknowledge that the lack of diversity hurts us,” he says.

For the cyber insurance industry, the message is the same.

“It’s going to take a collaborative effort across all,” Redd says. “It can't be just the work of NAAIA and it's not just the work of NAAIA. It's a whole lot of folks who are helping to raise up this awareness and to try to rake through the issues that have served to be barriers to entry for us, as a people.”

Check out the rest of this episode to hear what else Larry, Margaret and George have to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.

Other videos you might like: