Inclusive culture starts with contract language This blog post was authored by Michael Lyons - Managing Director, Security and Privacy on Protiviti's technology insights blog.This post is the third and final in an occasional series about diversity in cybersecurity. Our first post discussed achieving diversity’s benefits in cybersecurity; the second explored the high cost of gender bias in cybersecurity.Anyone who wins business via competitive bid may have noticed that requests for proposals (RFPs) increasingly feature instructions to adopt inclusive language in responses. Over the past several years, more and more potential customers are seeking cybersecurity partners whose values in the areas of diversity, equity and inclusion (DEI) correspond with their own. Sometimes, enterprises will provide examples of non-inclusive terminology and propose alternatives. Bidders who are new to the concept of inclusive language, however, should think twice about simply searching and replacing non-inclusive words and phrases to satisfy bidding requirements. They’ll want to make a sincere and substantive effort to align their values and embrace DEI as part of their cultures to take their place in a network of like-minded businesses. Topics Cybersecurity and Privacy Partners in inclusionA bidder could respond to an RFP with the lowest price in the world, but if they are not a good cultural fit, they won’t win the business. An increasing number of business leaders have come to understand it’s more trouble than it’s worth to engage a trading partner who doesn’t align with enterprise values.Businesses have grown increasingly connected as they’ve focused on core competencies. When a large company invites prospective suppliers to bid, they may be thinking about price and due dates; thinking, even, beyond the nuts-and-bolts requirements of any engagement and looking for partners to turn to consistently. They’re seeking to grow their networks and to build a circle of trust. They want these suppliers to represent them well, both in the work they do and in the products and services they deliver.Engagements usually involve teams comprised of resources from both customers and suppliers. Individuals might work side-by-side for weeks or for years. Trust is easier to form with suppliers whose resources speak, work and act in the same inclusive way the customer values. That trust results in a happier and more productive team. The engagement often becomes the project of choice for customer and supplier resources alike.Language, bias, cultureFirms seeking more inclusive language from their partners might even provide examples of non-inclusive language to avoid and offer alternatives to use in proposals and contracts. Nothing could be more straightforward than to search for outmoded, biased terminology and replace offending terms with a newer, neutral vocabulary. Making the more fundamental change that’s demonstrated by new behavior, however, is a more sincere, substantive and lasting fix.The change that drives a cultural shift starts with acknowledging bias. Learning inclusive alternatives to the language people have always unthinkingly used is a great way to uncover bias. If prospective customers don’t provide their own examples — and even if they don’t explicitly request inclusive language — any business can start by studying inclusive alternatives to outmoded terms. The American Psychological Association (APA) has published inclusive language guidelines to promote equitable representation. In addition, information technology organisations at universities around the United States are working to eradicate the “racist, sexist, ageist, ableist, homophobic or otherwise non-inclusive language” that has characterised information technology, software and cybersecurity fields for years. As with any fundamental change, first attempts are merely a start, but learning about inclusive language builds awareness. Once an individual understands bias in language, they’ll continue to improve at using inclusive language and it becomes natural to them over time. For businesses, it can become part of daily operations.Businesses have drifted away from doing business face-to-face. Now, and especially in the early days of a business relationship, RFPs might originate from procurement systems, and the bidder’s objective is only to advance to the next step in a selection process. The first words exchanged via RFP and proposal, therefore, carry information about a prospective supplier’s culture as well as surface meaning.If the supplier proceeds in a firm’s selection process, prospective customers will have additional opportunities to get to know suppliers beyond any written response. This is when customers will be able to discern whether inclusive values are intrinsic to the supplier’s culture or only pasted on to the surface of proposal and contract language.Once they are selected for an engagement, suppliers will want to show they live the inclusive values they extol. Team meetings, project planning, status reports and other communications about the initiative must continue to demonstrate and promote inclusivity of the team and the culture arising from team operations. This is when suppliers deliver on the promise that originates from contract and proposal language.Inclusive language is the new price of entryAny cybersecurity business that competes via competitive bidding (that is, any cybersecurity business) may already have noted prospective customers prefer and often require inclusive language in proposals and contracts. While some RFPs will actually specify inclusive language to replace outmoded terms, all suppliers have access to guidance on neutral alternatives. Language, however, is only the price of entry; suppliers who seek long relationships and who value broad business networks based on shared values will want to consider language to uncover biases and seek to address DEI in their own cultures.Read the results of our new Global IT Executive Survey: The Innovation vs. Technical Debt Tug of War.To learn more about our cybersecurity solutions, contact us. Find out more about our solutions: Cybersecurity Consulting From the speed of innovation, digital transformation, and economic expectations to evolving cyber threats, the talent gap, and a dynamic regulatory landscape, technology leaders are expected to effectively respond to and manage these competing priorities. Culture and Organisational Transformation Employees are looking for work with purpose and want to feel invested in their organisations. We help organisations to assess, cultivate and transform their current culture to meet their business objectives. Leadership Leslie Howatt Leslie is a managing director, and Protiviti’s technology consulting solution lead. She specialises in digital and technology strategy as well as transformational change with over 25 years’ experience across consulting, industry, and government sectors. She has ... Learn More Krishnan Venkatraman Krishnan is a director with over 14 years’ experience in professional services. He has specific expertise in technology risk consulting and has been advising clients both in the public and private sector in designing and implementing information security controls.Major ... Learn More Tim Speelman Tim is a director with a track record of developing and implementing strategic plans that align with the demands and gaps of global and local enterprises. Before joining Protiviti, Tim was a regional CISO responsible for APAC within a large recruitment company with core ... Learn More Featured insights BLOGS Tackling gender bias: Women in cybersecurity Cybersecurity is distinguished not only by a talent shortage but also by having a predominantly male workforce. Women are in the minority on most cybersecurity teams that have women at all, so when they experience gender bias, they’re likely to be... BLOGS Achieving Diversity’s Benefits in Cybersecurity Could any security organisation benefit from greater innovation? Or from responding more effectively to diverse internal customers? How about benefitting by retaining the talent its leaders have so carefully nurtured, by accessing more diverse... BLOGS A Guide to pen testing and red teaming: What to know now Penetration testing and red teaming are essentialcybersecuritypractices that bolster an organisation’s security posture by uncovering vulnerabilities within their systems, networks, and people or business processes. These methodologies... BLOGS The importance of dark web monitoring In today’s interconnected world, where adversaries seem to always be one step ahead, companies face an increasingly complex threat landscape. One of the most challenging and often overlooked threats is the dark web, an intentionally hidden part of... BLOGS Enhancing cyber capabilities using a threat-driven strategy Senior leaders focused on cybersecurity recognise there is considerable guidance, best practices, frameworks, regulations and varied opinions on how programmes should design defensive capabilities. In addition, depending on the day, the various... BLOGS Embrace DEI intersectionality for effective cybersecurity The role of a cyber incident responder is more critical than ever as these professionals are tasked with protecting organisations from cyber threats, mitigating risks and minimising the impact of security incidents. As cyber threats continue to... Button Button