Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

Why diversity is not a 'nice to have' in cyber

Vicky Axon, NHS Digital's Regional Security Lead, says monocultures breed security weaknesses and we are still struggling to get the variety of backgrounds we need in NHS cyber teams.

Put simply, cyber has a diversity problem.

We’ve known this for years, but, on many measures, we are not seeing the range of candidates applying for roles that we need.

Vicky Axon who is NHS Digital's Regional Security Lead

The reasons why candidates don’t apply are varied and complex, but I want to concentrate here on why diversity is so important in cyber security work. I mean “diversity” in its fullest and most fundamental sense: people contributing from different backgrounds, different viewpoints, different abilities, different ethnicities, different cultural backgrounds, different gender identities, and different ways of thinking.

Cyber criminals don’t follow traditional patterns when attacking an organisation. They don’t reference a rulebook or only come from STEM (Science, Technology, Engineering and Maths) backgrounds. They haven’t all got the same upbringing or journey through the educational system and society.

Cyber isn't one job. It isn't, as the stereotypes have it, sitting in front of a screen in the dark with a blinking green cursor requesting a password.

So, if our adversaries are thinking differently about how they can execute an attack against the NHS, then so must we. And one way to improve our chances of doing this is recruiting people with diverse experiences and skills. A diverse team can help us see the same problem through a variety of lenses. We can challenge our thinking and ensure we aren’t all approaching a problem in the same way. We can stay a step ahead.

In terms of educational background, some of the best people I’ve worked with have been from non-STEM backgrounds. I’ve worked with people from marketing, criminology, finance, and other areas who have all been extremely effective.

Cyber isn’t one job. It isn’t, as the stereotypes have it, sitting in front of a screen in the dark with a blinking green cursor requesting a password. It isn’t running around with alarms going off because you’re being ‘hacked’.

Technical skills have a very important place, but this work is also about building relationships, having great communication and listening skills, and being able to think creatively, see new problems and solve them in new ways.

My message to potential candidates who want to contribute is to take a leap of faith and apply. Don’t be put off a rewarding and incredibly important career just because you don’t have a degree in the field or don’t feel you will “fit the mould”. If you’re passionate about protecting the NHS and are willing to challenge traditional ways of thinking, we want to hear from you.

Related subjects

Toby Griffiths, Head of Innovation and Delivery for NHS Digital's Data Security Centre, discusses how we have tackled cyber security issues and how we are addressing 'security debt' brought about by the pandemic.
Ransomware is a growing threat across the health and care system. NHS cyber security experts describe how it can affect organisations and what is being done to combat it.


Last edited: 13 June 2023 9:50 am