The UK’s cybersecurity sector appears to be faring pretty well in terms of its diversity, but challenges around inclusion, career progression and discrimination persist, according to a new government report.

The second annual Decrypting Diversity report from the National Cyber Security Centre (NCSC) was compiled from interviews with 945 professionals working in the industry.

The headline figures are encouraging: over a third (36%) of respondents were female, which is a higher proportion than in some studies, and 10% were from the LGB community, which the report claimed is higher than the 2.2% of the population that is LGB according to 2018 ONS data.

A quarter identified as having a disability, more than the 14% of the IT workforce as a whole and the 20% figure for the UK’s working population. The report also claimed that the statistics for ethnic minorities (15%) and trans and non-binary (1%) respondents were in line with those of the national population.

However, there are still clear areas where improvement is necessary. For example, only one in 20 respondents were aged 18-24, just 3% entered via a school leaver or apprenticeship scheme, and 12% via a graduate scheme. The NCSC said increasing these figures needs to be a priority.

More concerning is that over a fifth (22%) of respondents said they’ve experienced discrimination in the past year, up from 16% in 2020. In addition, the number claiming to have experienced a career barrier due to one of their characteristics also surged, from 14% last year to 25%.

The NCSC claimed these figures might have been influenced by this year’s survey asking about a broader set of characteristics.

However, it’s also true that women, those from ethnic minority backgrounds, and those who are lesbian or gay experienced higher-than-average levels of discrimination. Women and ethnic minority respondents were also more likely to have experienced career roadblocks.

Another key stat – the degree to which individuals feel included, accepted and treated equally at work – didn’t move from last year. That means over a fifth (22%) of respondents feel they can’t be themselves at work.

Diversity and inclusion (D&I) is one of the four key pillars of the UK Cyber Security Council, commissioned by the government in 2019.

CEO Simon Hepburn said the council would play its part in helping to drive positive change.

“The sector must succeed at this. It’s vital not just to help the sector fill the tens of thousands of vacancies that exist, but for the sector and the UK to benefit from the wider range of abilities, improved creativity, different thinking and alternative contributions of a truly diverse, inclusive cybersecurity workforce,” he added.

“The council and the NCSC are in lockstep over the D&I objectives for the sector and, to that end, we also welcome and agree with the conclusions of the report.”

The report’s six recommendations include: better use of data to monitor and improve the “talent lifecycle;” learning from D&I best practice; publicizing success stories; and ensuring roles and skills are described consistently and made clear and accessible to all.