Inclusive culture starts with contract language This blog post was authored by Michael Lyons - Managing Director, Security and Privacy on Protiviti's technology insights blog.This post is the third and final in an occasional series about diversity in cybersecurity. Our first post discussed achieving diversity’s benefits in cybersecurity; the second explored the high cost of gender bias in cybersecurity.Anyone who wins business via competitive bid may have noticed that requests for proposals (RFPs) increasingly feature instructions to adopt inclusive language in responses. Over the past several years, more and more potential customers are seeking cybersecurity partners whose values in the areas of diversity, equity and inclusion (DEI) correspond with their own. Sometimes, enterprises will provide examples of non-inclusive terminology and propose alternatives. Bidders who are new to the concept of inclusive language, however, should think twice about simply searching and replacing non-inclusive words and phrases to satisfy bidding requirements. They’ll want to make a sincere and substantive effort to align their values and embrace DEI as part of their cultures to take their place in a network of like-minded businesses. Topics Cybersecurity and Privacy Partners in inclusionA bidder could respond to an RFP with the lowest price in the world, but if they are not a good cultural fit, they won’t win the business. An increasing number of business leaders have come to understand it’s more trouble than it’s worth to engage a trading partner who doesn’t align with enterprise values.Businesses have grown increasingly connected as they’ve focused on core competencies. When a large company invites prospective suppliers to bid, they may be thinking about price and due dates; thinking, even, beyond the nuts-and-bolts requirements of any engagement and looking for partners to turn to consistently. They’re seeking to grow their networks and to build a circle of trust. They want these suppliers to represent them well, both in the work they do and in the products and services they deliver.Engagements usually involve teams comprised of resources from both customers and suppliers. Individuals might work side-by-side for weeks or for years. Trust is easier to form with suppliers whose resources speak, work and act in the same inclusive way the customer values. That trust results in a happier and more productive team. The engagement often becomes the project of choice for customer and supplier resources alike.Language, bias, cultureFirms seeking more inclusive language from their partners might even provide examples of non-inclusive language to avoid and offer alternatives to use in proposals and contracts. Nothing could be more straightforward than to search for outmoded, biased terminology and replace offending terms with a newer, neutral vocabulary. Making the more fundamental change that’s demonstrated by new behavior, however, is a more sincere, substantive and lasting fix.The change that drives a cultural shift starts with acknowledging bias. Learning inclusive alternatives to the language people have always unthinkingly used is a great way to uncover bias. If prospective customers don’t provide their own examples — and even if they don’t explicitly request inclusive language — any business can start by studying inclusive alternatives to outmoded terms. The American Psychological Association (APA) has published inclusive language guidelines to promote equitable representation. In addition, information technology organisations at universities around the United States are working to eradicate the “racist, sexist, ageist, ableist, homophobic or otherwise non-inclusive language” that has characterised information technology, software and cybersecurity fields for years. As with any fundamental change, first attempts are merely a start, but learning about inclusive language builds awareness. Once an individual understands bias in language, they’ll continue to improve at using inclusive language and it becomes natural to them over time. For businesses, it can become part of daily operations.Businesses have drifted away from doing business face-to-face. Now, and especially in the early days of a business relationship, RFPs might originate from procurement systems, and the bidder’s objective is only to advance to the next step in a selection process. The first words exchanged via RFP and proposal, therefore, carry information about a prospective supplier’s culture as well as surface meaning.If the supplier proceeds in a firm’s selection process, prospective customers will have additional opportunities to get to know suppliers beyond any written response. This is when customers will be able to discern whether inclusive values are intrinsic to the supplier’s culture or only pasted on to the surface of proposal and contract language.Once they are selected for an engagement, suppliers will want to show they live the inclusive values they extol. Team meetings, project planning, status reports and other communications about the initiative must continue to demonstrate and promote inclusivity of the team and the culture arising from team operations. This is when suppliers deliver on the promise that originates from contract and proposal language.Inclusive language is the new price of entryAny cybersecurity business that competes via competitive bidding (that is, any cybersecurity business) may already have noted prospective customers prefer and often require inclusive language in proposals and contracts. While some RFPs will actually specify inclusive language to replace outmoded terms, all suppliers have access to guidance on neutral alternatives. Language, however, is only the price of entry; suppliers who seek long relationships and who value broad business networks based on shared values will want to consider language to uncover biases and seek to address DEI in their own cultures.Read the results of our new Global IT Executive Survey: The Innovation vs. Technical Debt Tug of War.To learn more about our cybersecurity solutions, contact us. Find out more about our solutions: Cybersecurity Consulting From the speed of innovation, digital transformation, and economic expectations to evolving cyber threats, the talent gap, and a dynamic regulatory landscape, technology leaders are expected to effectively respond to and manage these competing priorities. Culture and Organisational Transformation Employees are looking for work with purpose and want to feel invested in their organisations. We help organisations to assess, cultivate and transform their current culture to meet their business objectives. Leadership Michael Pang Michael is a managing director with over 20 years’ experience. He is the IT consulting practice leader for Protiviti Hong Kong and Mainland China. His experience covers cybersecurity, data privacy protection, IT strategy, IT organisation transformation, IT risk, post ... Learn More Alan Wong Alan is a director at Protiviti Hong Kong with over 21 years of experience in IT and security solutions and project management. He specialises in IT governance, risk assessment, regulatory compliance, and cybersecurity assessment and consulting. He also has an extensive ... Learn More Featured insights BLOGS Tackling gender bias: Women in cybersecurity Cybersecurity is distinguished not only by a talent shortage but also by having a predominantly male workforce. Women are in the minority on most cybersecurity teams that have women at all, so when they experience gender bias, they’re likely to be... BLOGS Achieving Diversity’s Benefits in Cybersecurity Could any security organisation benefit from greater innovation? Or from responding more effectively to diverse internal customers? How about benefitting by retaining the talent its leaders have so carefully nurtured, by accessing more diverse... BLOGS A Guide to pen testing and red teaming: What to know now Penetration testing and red teaming are essentialcybersecuritypractices that bolster an organisation’s security posture by uncovering vulnerabilities within their systems, networks, and people or business processes. These methodologies... BLOGS The importance of dark web monitoring In today’s interconnected world, where adversaries seem to always be one step ahead, companies face an increasingly complex threat landscape. One of the most challenging and often overlooked threats is the dark web, an intentionally hidden part of... BLOGS Enhancing cyber capabilities using a threat-driven strategy Senior leaders focused oncybersecurityrecognise there is considerable guidance, best practices, frameworks, regulations and varied opinions on how programmes should design defensive capabilities. In addition, depending on the day, the... BLOGS Embrace DEI intersectionality for effective cybersecurity The role of a cyber incident responder is more critical than ever as these professionals are tasked with protecting organisations from cyber threats, mitigating risks and minimising the impact of security incidents. As cyber threats continue to... Button Button