BCS Insights 2021 - 2021 REPORT
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
2021 REPORT BCS Insights 2021
BCS INSIGHTS 2021 REPORT CONTENTS 03 INTRODUCTION 04 DIVERSITY 2021: SLOW PROGRESS IS SOME PROGRESS 07 Key ONS findings, gender 08 Key ONS findings, age 09 Key ONS findings, disability 10 Key ONS findings, ethnicity 12 IT LEADERS 17 Key findings, IT Leaders 18 CYBER SECURITY: SECURITY SPIDER SENSE 18 Key findings, Cyber security 24 ETHICAL DILEMMAS 26 SUSTAINABLE COMPUTING 30 SHORT AND SHARP SURVEYS 02
BCS INSIGHTS 2021 REPORT INTRODUCTION Welcome to our third annual Insights event. It was in 2019 that we debuted this highly successful new event, designed to give a platform for interesting and provocative thinking relating to technology and to showcase our research insights. In 2020 we went virtual, for obvious reasons, and this continues with our 2021 event. BCS’s aim to make IT good for society has never been more important – and the pandemic has only made that more obvious. Alongside this is the ever- growing concern over the climate crisis so, whilst we will continue to champion the great things technology has done for us, we will also continue to call out where improvement is needed, identify what needs to be more closely analysed and take a role in addressing those issues. We view Insights as a place to demonstrate BCS as a Paul Fletcher convener of thought. With the societal concerns we CEO. BCS, The Chartered Institute for IT now face as a backdrop, we look at how technology can help: the importance of professionalism in the IT workforce, how we can achieve sustainable computing, the need for a diverse profession that represents all, and the importance of digital inclusion for all members of society. This publication takes a high-level view of the research we have undertaken over the last year. There are raw numbers given on key topics, produced from the more than 13,000 responses we had to our survey work this year. This is given a narrative by comments we get from members, reflecting the views of those actually working in our industry. The research herein gives a snapshot of contemporary issues in IT leadership, diversity, sustainable computing and more. 03
BCS INSIGHTS 2021 REPORT
DIVERSITY 2021:
SLOW PROGRESS IS SOME PROGRESS
BCS has produced four reports analysing the ONS Labour Force survey, looking at diversity issues in the
IT space. For IT the picture is mixed but with some encouraging trends. From an employer point of view,
it is perhaps a tale of opportunities missed, but with implied potential.
19%
For a number of years
now, starting back with the
BCSWomen Group, BCS, has
been tracking and reporting upon
levels of female representation OF IT SPECIALISTS IN THE UK
within the IT labour market. The
idea was to highlight areas of WORKFORCE WERE FEMALE IN 2020
concern for the industry and to
provide supporting evidence for
those seeking to improve the GENDER This varies across industry too.
Public services, for example,
gender balance within IT. In raw numbers, there were have 32% female IT workforces,
312,000 female IT specialists but that is against 71% female
In 2017, we expanded the in the UK workforce during employment across other
reach of our analysis to cover 2020. This represented 19% occupations in the same sector.
other aspects of the Equality of the total at that time, a low
Act 2010’s nine protected figure, but one that also shows A higher proportion of female
characteristics. The commentary improvement. The level of IT specialists are employed
now includes figures on female representation in IT has in large organisations (250+)
people with disabilities, ethnic increased over the past five compared with males (50%
minorities and older workers. years, in 2018 the figure was at versus 41%).The female earning
226,000. We could represent this figures are still below their male
The insights contained within as a 38% increase – very good counterparts, although they are
this article are drawn from – although the wider picture is ahead of the ‘all occupations’
four reports where we have still that female representation figure for male and female.
analysed secondary data from remains well below the level Another positive is in the area of
the ONS Labour Force Survey. observed within the workforce as responsibility: this is better for
These reports aim to inform a whole (48%). female IT specialists: 34% are in
BCS policy as we provide a
responsible positions, compared to
definitive source of information There are localised bright spots 32% across professions in general.
concerning the levels of ‘minority’ – in Scotland this figure runs
representation amongst the IT to 23%. And certain disciplines And as a comment on potential,
professions. We also want to have better female participation. females are more likely to be
identify and explore the extent In web design and development qualified to degree level – 67%
to which the market is failing there is 35% female participation, versus 61% in men and that gap
those from minority groups, as and IT project and programme has increased since 2019.
demonstrated by below-average managers are 26% female.
levels of representation and
compensation amongst these
groups, but also celebrate where
IT performs well.
04
BCS INSIGHTS 2021 REPORT
10% There were 158,000 IT specialists
in the UK with disabilities in
OF IT SPECIALISTS IN THE 2020 – 10% of all IT specialists in
the UK at that time, although
UK HAVE DISABILITIES (DDA this is slightly up from 2019’s
128,000 (9%)
DEFINITION) A small ray of light in terms
of attitude is reflected in the
finding that IT specialists with
ETHNICITY We can see potential reflected
disabilities are more likely to
by qualification level because
The figures have always looked almost nine in ten ethnic receive job-related education
slightly better in IT professions minority IT specialists have / training, with 30% stating
with an ethnicity lens – although an HE level qualification (87%) they had received some in the
within individual ethnicities compared with less than seven previous 13 weeks during 2020
the picture becomes much in ten (67%) of those from white (compared with 23% of those
more complex. As a headline ethnic groups. without disabilities). This is also
positive, at 18%, ethnic minority up from 2019 at 28%.
representation was higher Digging into specific ethnicities
amongst IT specialists than
within the UK workforce as a
is trickier. However, some trends AGE
do emerge. Professionals with
whole, which was 12% in 2020. In Indian heritage are very well The background for age is that
total there were 300,000 ethnic represented in 2020 – with their people aged 50 and above
minority IT specialists in the UK, representation as IT specialists accounted for 31% of the
an increase on the 2018 number running at 9% against 3% in working age population in 2020,
which was 266,000, but down a other occupations – this figure and 30% of those in work.
percentage point. holds from 2019.
In the potential category, if
However, those from ‘Black/ representation in IT were equal
Ethnic minorities are better
African/Caribbean/Black British’ to the workforce ‘norm’ there
represented in London (32%)
background have dropped – 2% would have been an additional
and in the area of business
representation in IT specialism 119,000 IT specialists in the UK
analyst (26%). However, in 2019
against 3% in other occupations. aged 50 or above, or 480,000 in
the London figure ran to 35%.
In 2019 there was parity in total. The potential in 2019 was
For a comparison example
these figures. 95,000, so the picture for older
in disciplines, in business
professionals is getting worse,
analysis representation of ethnic
although the potential pool of
minorities has grown from 23% DISABILITY experience has commensurately
to 26%, overtaking project and
The outlook for those with increased for organisations.
programme managers as the
leading discipline from 2019. disabilities is consistently less
good. The background is that In 2020 there were estimated to
people with visible and invisible be around 13,000 unemployed
On the other end of the scale,
differences already start at a IT specialists in the UK aged
in Northern Ireland only 4% of
disadvantage: though accounting 50 and over, which equates
the IT workforce are from ethnic
for 20% of the working age to an unemployment rate of
minorities, with specialist IT
population in 2020, people with 3.4% - well above the rate for IT
managers from the whole of the
disabilities constituted only 14% specialists aged 16-49 (2.2%). In
UK running at 12% – although
of the total UK workforce. 2019 this was 8,000, so again a
for context 12% is the current
significant worsening.
representation of all ethnic
minorities in the UK workforce
as a whole.
05
BCS INSIGHTS 2021 REPORT
Unsurprisingly, older IT WHERE NEXT? Terminology evolves too – for
specialists (aged over 50) are example you will note we have
notably more likely to hold There are still plenty of areas dropped the term BAME from
‘responsible positions’ – almost to be explored in how we get the reports this year. Whilst
half (47%) having managerial/ everyone genuinely involved in nuance is important, if difficult
supervisory status in their job the information society. Our four to achieve, BCS is committed
(compared with 38% of younger reports don’t really touch on to being as inclusive as we can,
IT specialists, those aged below neurodiversity issues; there are which is why we like to hear
50). But, again, this is down from other protected characteristics from members about their
2019’s 52%. in the Equality Act; there will personal experiences.
undoubtedly be positive and
In the broader UK picture a negative changes post-COVID
related upward trend is in with, amongst other things, more
normalised remote working. The full reports are available at:
qualification level: Younger IT
specialists are much more likely BCS will continue picking these
subjects up. BCS.ORG
to hold an IT degree than those
aged 50 and above (14% versus
8% during 2020). If you have an experience you’d
like to share please email:
editor@bcs.org
06
BCS INSIGHTS 2021 REPORT
KEY ONS FINDINGS
GENDER 2021
• Women accounted for 50% of the working age • The incidence of self-employment amongst female
population in 2020 (those aged 16-64), 48% of IT specialists (5%) was less than half the level
those in work and 45% of the unemployed. recorded by men working in IT positions (11%).
• There were 312,000 female IT specialists in the • One half (50%) of female IT specialists working as
UK workforce during 2020 - 19% of the total at employees were employed at large business sites
that time. (250 or more staff) compared with 41% of males.
• If gender representation in IT were equal to the • Just under four in ten female IT specialists
workforce 'norm' there would have been an (38%) were working in IT businesses in 2020 – a
additional 466,000 IT specialists in the UK and notably lower proportion than that recorded for
778,000 female IT specialists in total in 2020. male IT specialists at that time (49%).
• The level of female representation in IT varies • Female IT specialists were five times more likely
by job type - from around one in twenty IT / to be working part-time than males (i.e. 15%
Telecoms engineers (5% in each case over the versus 3%) during 2020 – most often as they did
2016-20 period), to around one in three web not want full-time work.
designers/developers (35%) and IT operations
technicians (32%). • At £19 per hour, the median hourly earnings for
female IT specialists in 2020 was 13% less than
that recorded for males working in IT positions.
1.7% • In 2020, female IT specialists (that were
employees) appeared notably less likely than
males to be in ‘positions with responsibility’
THE UNEMPLOYMENT (comparison figures of 34% and 42% respectively).
RATE FOR FEMALE IT • Female IT specialists are marginally more highly
qualified than their male counterparts and in
SPECIALISTS IN 2020 2020, with more than seven in ten (73%) had a
degree or equivalent level qualification.
• Just 6% of female IT specialists had an IT degree
• The unemployment rate for female IT specialists compared with 14% of their male counterparts.
in 2020 was 2.7% - higher than that for male IT
specialists (2.4%) but less than the overall rate • The most common means of IT specialists (male/
for the UK labour market (3.2%). female) securing a job during the 2016-20 period
was by ‘replying to an advertisement’.
07
BCS INSIGHTS 2021 REPORT
KEY ONS FINDINGS
AGE 2021
• People aged 50 and above (50+) accounted • The median hourly earnings for older IT
for 31% of the working age population in 2020 specialists in 2019 was £24 per hour - 15% more
(those aged 16-64), 30% of those in work and than that for IT specialists as a whole.
21% of the unemployed.
• Older IT specialists are notably more likely to hold
• Of the 1.62m IT specialists based in the UK ‘responsible positions’ – almost than half (47%)
in 2020, just 22% (362,000) were aged 50 or having managerial/supervisory status in their job
above and if representation in IT were equal to (compared with 38% of younger IT specialists).
the workforce ‘norm’ there would have been an
13,000
additional 119,000 IT specialists in the UK aged
50 or above or 480,000 in total.
• Across the UK, representation of older people
in IT positions was lowest in London where just UNEMPLOYED IT
16% were aged 50 and above during 2020.
• Only around one in ten (10%) web designers/
SPECIALISTS IN THE UK
developers were found to be aged 50 and above
(over the 2016-20 period) whilst amongst IT
IN 2020
Directors, more than one third (35%) were of in
this age band (2020). • Older IT specialists are less likely to have an HE
qualification and in 2020 only 66% of those aged
• In 2020 there were estimated to be around 50 and had a qualification at this level compared
13,000 unemployed IT specialists in the UK aged with 72% of those aged 16-49.
50 and over equating to an unemployment rate
of 3.4% - well above the rate for IT specialists • Younger IT specialists are also much more likely
aged 16-49 (2.2%). to hold an IT degree than those aged 50 and
above (8% versus 14% during 2020).
• Older IT specialist were more likely to be working
on a self-employed basis than their younger • Older IT specialists are notably more likely
counterparts (13% versus 9%) and were also more to obtain employment through recruitment
likely to be working part-time (9% versus 4%). agencies, and much less likely to do so via direct
applications than their younger counterparts.
• IT specialists aged 50+ were also much more
likely than others to be working in micro
business sites (22% compared with 12% of those
in younger age groups during 2020).
08
BCS INSIGHTS 2021 REPORT
KEY ONS FINDINGS
DISABILITY 2021
• Though accounting for 20% of the working age • In 2020 approximately 64% of IT specialists
population in 2020, people with disabilities with disabilities held a degree/HE level
constituted only 14% of the total UK workforce. qualification compared with 71% of those
without disabilities and 41% of workers with
• There were 158,000 IT specialists in the UK with disabilities in other occupations.
disabilities in 2020 – 10% of all IT specialists in
the UK at that time. • Around one in six (15%) of IT specialists with
disabilities hold a degree in an IT related discipline.
• If representation in IT were equal to the
workforce ‘norm’ there would have been an
additional 65,000 IT specialists in the UK with
disabilities - 223,000 in total. 13%
• Representation of people with disabilities in the
workforce varies across the UK from 8% of IT
OF ALL UNEMPLOYED
specialists in London, Scotland and the West Midlands
to 13% of those in the South West of England.
IT SPECIALISTS IN THE
• Representation of people with disabilities also varies UK HAD SOME FORM OF
with IT role - from just 8% of ‘Specialist IT Managers’
(2020) to 15% of IT Operations Technicians. DISABILITY
• Over the 2019-20 period, approximately 13%
of all unemployed IT specialists in the UK had • IT specialists with disabilities are more likely to
some form of disability (4,000 on average) receive job-related education/ training with 30%
and the associated unemployment rate (2.7%) stating it had been received in the previous 13
was notably higher than that recorded for IT weeks during 2020 (compared with 23% of those
specialists as a whole (2.0%). without disabilities).
• Representation of IT specialists with disabilities is • Disabled IT specialists are notably less likely to
lowest in the Banking/Finance and Manufacturing gain work via ‘in company’ contacts than those
sectors (8% in each case over the 2016-20 period) without disabilities (15% versus 17% stating
that they had gained work in this way during the
• In 2020 the gross hourly pay for IT specialists 2016-20 period).
with disabilities was £19phr - 88% of the
remuneration for IT specialists without
disabilities (£21phr).
09
BCS INSIGHTS 2021 REPORT
KEY ONS FINDINGS
ETHNICITY 2021
• Individuals from ethnic minorities accounted for • Ethnic minority representation was lowest within
14% of the working age population in 2020 but only the manufacturing sector where just 8% of IT
12% of those in work and 21% of the unemployed. specialists were from minority ethnic groups.
• At 18%, ethnic minority representation was
higher amongst IT specialists than within the
workforce as a whole (12%) in 2020 and in total
‘ETHNIC MINORITY
there were 300,000 ethnic minority IT specialists
in the UK at that time.
IT SPECIALISTS ARE
• Ethnic minority representation amongst IT LESS LIKELY TO BE
specialists varies significantly across the UK -
from just 4% in Northern Ireland of England to IN POSITIONS OF
32% in London.
RESPONSIBILITY THAN
• Ethnic minority representation amongst IT
specialists in 2020 ranged from just 12% of THOSE OF WHITE
specialist IT managers and web designers /
developers – to 26% of business analysts. ETHNICITY’
• Ethnic minority IT specialists were twice as likely • In 2020, ethnic minority IT specialists (full-time
to be working in non-permanent positions as their employees) were earning the same as white/
‘white’ counterparts (6% versus 3% respectively). all IT specialists as a whole, with median hourly
• There were approximately 10,000 unemployed rates in each case of £21phr.
IT specialists from ethnic minority groups in • Ethnic minority IT specialists are less likely to be
the UK during 2020 – 24% of all unemployed IT in ‘positions of responsibility’ than those of white
specialists in the UK at that time. ethnicity with 37% and 41% respectively stating
• The corresponding unemployment rate for ethnic that they were a manger/foreman or team
minority IT specialists (3.2%) was notably higher leader in 2020.
than that of their ‘white’ counterparts (2.3%). • Almost nine in ten ethnic minority IT specialists
• Ethnic minority IT specialists were more likely to have an HE level qualification (87%) compared
be self-employed than other IT staff during 2020 with less than seven in ten (67%) of those from
(13% compared with 9% of those from white white ethnic groups.
ethnic groups). • Ethnic minority IT specialists are less likely than
• Just over one half (52%) of all ethnic minority IT others to find employment from contacts in post
specialists were working in IT businesses in 2020 (21% compared with 24% of white IT specialists
- a higher proportion than for those of white ethnic over the 2016-20 period).
origin (45%) and IT specialists as a whole (45%).
10BCS INSIGHTS 2021 REPORT 11
BCS INSIGHTS 2021 REPORT
IT LEADERS:
THE IT LEADERS VIEW
At the beginning of each WHAT CHANGED MOST IMPORTANT
year BCS likes to get views
from digital leaders on their ACROSS 2020? TECHNOLOGIES
expectations, concerns, skills The highest scoring priorities for The highest scoring technology
needs and more. Like no other 2021: ‘operational efficiencies’, priorities were consistent with
year, 2020 showed just how ‘business transformation and recent years — which reflects
reliant all organisations are organisational change’, and well on previous strategies, but
on the IT function. The effect ‘remote and distributed working’, the relative importance was
on IT leaders, in the tech and represent a shift in the patterns even stronger. ‘Cybersecurity’
people context, has been of recent years. This is no doubt and ‘cloud’ were tied with a
commensurately large. due to the uncertain nature of 61% strike rate, with ‘business
the year and is reflected in the process automation’ following in
With 2020 showing us how drop in the position of ‘continuous third position.
much we need IT expertise, IT innovation’. It was first in 2019,
competency and dependable with 54%; in 2020, it was second ‘Cybersecurity’ and ‘cloud’ were
systems, the so-called ‘soft overall with 53% — this year, it also joint top in 2020 but with only
skills’ of caring for the team and dropped to fifth place. a 52% strike rate; similar numbers
empathetic leadership have also were recorded in 2019. In 2019,
come into their own. Conversely, ‘staff engagement ‘business process improvement’
and well-being’ was prioritised scored 36%, so 2021’s 47% is
This is shown in some of the by 44% as a top five answer for again a significant jump.
biggest changes in numbers 2021: a significant leap from the
seen in the BCS IT Leaders 32% who rated this in the top five Unsurprisingly, these trends
survey in recent years. But the in 2020’s report. were also reflected in the choice
numbers also demonstrate that of top technology priority.
when IT leaders raise issues that Similar trends were reflected ‘Cybersecurity’ was chosen by
need addressing (security and when choosing the organisation’s 18%, ‘cloud’ and ‘business process
cloud loom large, yet again) — top priority. Again, ‘staff automation’ by 15%, with ‘agile
they know of what they speak. engagement’ rose significantly — methods’ much-improved at 14%.
it was only a top priority for 3%
It is hardly surprising that in 2020 and 4% in 2019 but hit For comparison, in 2020,
responders this year have 10% this year. ‘business process automation’
had things to say about good was chosen as top priority by
people management, business ‘Operational efficiency’, too, is on a 10%, with ‘agile methods’ at
continuity strategy and, as general upward trend. It was rated 4%; in 2019, ‘business process
always, where they feel their as the top priority by 10% in 2019, automation’ was 12% with ‘agile
concerns and gaps are 17% in 2020, with 15% this year. methods’ at 7%.
most pressing.
12BCS INSIGHTS 2021 REPORT
It will come as little surprise
after a tumultuous year that
optimism about achieving
organisational goals is low.
Only 9% of participants feel
their organisation has enough
resources to achieve success in
2021. This compares to a steady
(although still very low) 12% in
both 2020 and 2019.
9%
FEEL THEIR
ORGANISATION
HAS ENOUGH
RESOURCES
SLEEPLESS NIGHTS And on cloud: ‘We need to be RISK RADAR
able to prevent service failures in a
AT THE TOP complex, hybrid-cloud landscape.’ What else should we be aware of?
Some comment highlights include:
So, what has led to IT leaders
having a record-breaking (in BCS Of course, some other • ‘Articulating business value.’
survey terms) low expectation regular contenders were • ‘Being able to provide the latest
of success in 2021? One of the well represented: 5G, AI, legal IT services quickly enough
key questions we’ve asked over compliance, Brexit, change for our business to deliver
the years of this survey, ‘What management, capability gaps, applications to our customers.’
changes and trends in IT keep you data proliferation, decoupling
• ‘Higher expectations for
awake at night?’ offers some insight. data from legacy systems
software security, unrealistic
(Editor’s note: we have earmarked
expectations for AI, reliability of
The general picture from these to explore what it really means in
2021), digital transformation and deep-learning systems.’
verbatims is very much in
keeping with the figures, with optimisation, disaster planning,
digital literacy of general workforce, Being a broad technology church
the two main answers being
resilience and shadow IT. at BCS means we also elicit some
‘cybersecurity’ and ‘cloud’.
domain-specific comments. One
Two respondents summed
The need to adjust to a changed commenter raised this problem:
these up neatly. On security:
2021 provoked comments on what ‘All the changes are happening
‘Cybersecurity is a big worry.
organisations will need to keep faster than the health service can
Most of the rest we are in control
going. For example, the ‘ability to (will) react to.’
of — the inputs and outputs — but
keep up and adapt without incurring
we cannot control bad actors.
unnecessary expenditure,’ and ‘to
How much defence is enough?’
support large numbers of end users
with new platforms.’
13BCS INSIGHTS 2021 REPORT
‘MAKING SURE THE BALANCE IS • ‘Making sure the balance is
right between user needs,
RIGHT BETWEEN USER NEEDS, organisation needs and the
appropriate use of digital and
ORGANISATION NEEDS’ tech to improve services.’
• ‘My organisation fails to keep up
because of a lack of IT literacy
Naturally enough, many of the Some larger unknowns also amongst leaders.’
concerns raised in the survey came up: ‘Scale of technical debt
that will affect 2021 arise from vs the imperative to address this Whilst there are clearly large
2020’s situation: ‘During this very quickly (and at acceptable areas of concern, there are
pandemic, platforms like Zoom, cost) in order to meet the also those with a philosophy
Teams, GoToMeeting, etc. have changing needs of the world. Also, that works for them. These two
been very popular and often the difficulty of delivering complex comments show either end of
enabled businesses to continue change at scale.’ the spectrum:
to function. However, whilst they
may, in some cases, have raised Another comment concerned • ‘There’s not enough space (in
public and business trust in the how to ‘articulate the shift to the survey) to really answer
profession, there are still too many operational expenditure model what keeps me up at night.’
failed IT projects.’ with a traditional organisation that • ‘Nothing keeps me up, really.
expects a certain level of capital Organisations that have
As noted above, innovation has expenditure. And recruitment of embraced agile methodology
taken an understandable back staff with concerns about IR35 and/or devops as part of their
seat to business as usual. As statutory changes.’ IT delivery process are already
one commenter said: ‘I work in ahead of the curve towards
the leisure sector and what keeps Some raised organisational adapting to any upcoming
me awake is helping my company maturity: ‘I am keen that we are changes. For those that haven’t,
make it through the next year. working on strategically planned this would be their main focus
Forget about upcoming trends, we objectives and are innovative and as well as building out their
are trying to work with 40% less creative. However, some of our remote working capabilities.’
staff and very little spending.’ drivers would require tactical
solutions and we need to provide THE COVID EFFECT
EYES ON EUROPE AND routes to create that flexibility. I am
Maybe an indicator of the effect of
not sure we are mature in that way.’
BEYOND COVID is encapsulated in this stat:
concerns about Brexit ran at 14% in
Inevitably, political views come Here are some of the business the top five concerns for 2020 but
in. BCS takes a neutral stance consideration comments this dropped to 8% for 2021. IT leaders
on party politics of course, but survey got: were clearly more concerned with
as an example, one respondent • ‘Lack of general understanding other things, for example business
listed their concerns: ‘Lack of of the mission criticality of data continuity and looking after
clarity over service provision to and quality.’ dispersed workforces.
from the EU. Losing all my biggest
clients who are based in the EU. • ‘Keeping pace of all changes
Brexit/government is a joke.’ is tremendously difficult (if not
impossible). Not sure a specific
“upcoming change/trend” is a
cause of sleepless nights — but
general workload can do at
times.’
14BCS INSIGHTS 2021 REPORT
BUSINESS • Discussing the change ‘During COVID-19, we have seen
needed in threat perception, increases to resources; improved
CONTINUITY one person wrote: ‘All services recruitment process; development
STRATEGIES are being reviewed and a of rotas; redeployment of essential
resources; contracts extended
programme of improvement to
Nothing tests a business the ICT infrastructure has been and budget increases. Change
continuity or disaster implemented. Other planning is improvements are reflected in
preparedness plan more also underway. More monitoring continuity planning, which requires
effectively, sadly, than an event. of systems is taking place. The continual analysis of arrangements,
And we well know the effect that so we are better positioned.’
availability tiering of systems
COVID has had on workforces, has been reviewed.’ These are
as one responder wrote: ‘100% We had several comments
no small tasks.
remote working, temporary office on successes and the
closures, events have had to be • For some, these changes benefits of previously started
moved online only — this has were part of a progression: transformation:
impacted our field marketing ‘It accelerated change already ‘Being an IT company, not only
strategy significantly.’ underway — it also shifted has our own (recovery plan) been
the risk appetite to a less properly tested, our entire client
• A considerable number of controlled environment.’ base and the IT model we sell has
responders found their plans proven to be the best one it could
up to the task. ‘One could make
the argument that COVID has
‘DURING have been.’
been a thorough test of our
continuity strategy and that the
COVID-19, WE ‘We invested in remote working
prior to the pandemic.’
test has been passed with flying
colours,’ wrote one commenter.
HAVE SEEN However, a certain amount
‘Very little disruption has
occurred despite the majority of
INCREASES TO of refocusing has also been
provoked. Some comments:
our workforce now performing
their duties from home, where
RESOURCES; • ‘It has made us focus much
more on resilience and failover
previously there was a strong
focus on working from fixed
IMPROVED to ensure we keep systems up
for longer.’
office locations.’ RECRUITMENT • ‘In many ways, continuity has
• COVID has also meant that
previously ad-hoc approaches PROCESS; improved with less reliance
on availability of physical
to homeworking have been
quickly firmed up. The move DEVELOPMENT spaces. We are, however, now
over-reliant on one key cloud
to the cloud, with an attendant
collaboration mindset, has OF ROTAS’ infrastructure provider.’
• ‘Every business needs a
been not only needed, but
imperative. Likewise, the move business continuity plan. Our
away from fixed hardware. PLANNING AND business impact analysis (BIA)
CONTINUITY focused more on system/
DC outage scenarios prior
In terms of planning, certain to COVID-19.But business
principles have been reinforced: continuity planning in the
‘Business continuity is a workplace, i.e., business
continuous working. It is ongoing, continuity for a pandemic, has
so programme and documentation become equally important now.’
should not be seen as final. There
are always resource changes that
could impact these arrangements.’
15BCS INSIGHTS 2021 REPORT
THE FUTURE, NEEDS Here are some noteworthy replies: What are some of the other negatives
that need further addressing?
AND REQUIREMENTS • ‘It has forced IT leaders to be
much more business-and- • ‘It has shown that “know-it-
The new requirements value-focused rather than IT- alls” don’t actually know it all
of continuity were well centric in their thinking.’ and that we are not immune to
summarised by one commenter: the basic business practices or
• ‘A leader needs to take care of
‘We have seen increased continuity planning...’
their people, especially when
identification of business-critical
so many of our colleagues have • ‘IT has become reactive in 2020
processes and personnel.
lost their jobs. A good leader, where we need to be strategic.’
Increased use of technology to
whether or not they are in IT, • ‘It’s definitely highlighted
overcome diverse location of
will do this. The ability to think weaknesses in IT management
teams and key business activities.
on your feet and prioritise when for a number of companies. In
Additional validation testing of
so much of the workforce is the job market, I have noticed
people, process, technology,
working from home is essential.’ more IT management positions
to achieve effective business
continuity. Fast-track delivery of • ‘There is increased focus in asking for more skill sets than
new VDI and zero trust network developing soft skills such usual but for the same salary.
services to support agility.’ as emotional intelligence, For me, strategy and project
storytelling and managing time.’ management skills have been
tested rigorously.’
CHANGES IN IT
MORE ON COVID-19 What other positive effects have
LEADERSHIP been felt by IT leaders? Here are
Will COVID lead to a weeding out
COMPETENCIES of leadership teams? One person some comments:
Much has been made over the said that it has ‘exaggerated • ‘We’re taken more seriously by
years about soft skills, especially [the deficiencies of] the less able senior management.’
in IT, where the kneejerk response leaders.’ And, from the technical
• ‘We’ve become more human —
is often that managers and perspective, ‘Anyone who thought
and understanding of different
leaders can be too technical (the the future is on-premise only is
working practice models.’
nerd/geek stereotype of empathy probably out of a job. Cloud has
deficiency). The overwhelming got everyone working from home
number of comments here so if you are not thinking cloud
paint a different picture and the first then that is a problem.’
importance of empathy and trust
came through strongly. Said one
responder: ‘COVID-19 has made
us think more about our staff
and how we support them. It has
brought out the softer skills in good
ICT leaders.’
What has been required of
leaders in this situation, which
one responder said has allowed
us to ‘think laterally about remote
working’?
16BCS INSIGHTS 2021 REPORT
CAPABILITY GAPS
We asked those surveyed to give
free text answers of where they
saw the capability gaps in their KEY FINDINGS AT A GLANCE
organisations. A lot of answers • When asked to single out their number one priority, the
came with a cloud flavour: top answer is business transformation and organisational
cloud adoption and migration; change, selected by 22% of respondents. This is followed
general cloud skills (for example by operational efficiencies (15%) and staff engagement and
AWS); cloud infrastructure and well-being (10%).
security; and cloud service • The technologies that organisations are prioritising for 2021
support especially to aid large- are cyber security (61%), cloud (also 61%), and business
scale homeworking. process automation (47%).
• When asked to identify their top technology priority, cyber
Said one person: ‘We need more security (18%) edges ahead of cloud (15%). Also with 15%
knowledge centred around on- is business process automation, closely followed by agile
premises infrastructure, which methods (14%)
requires a change in development • Only 9% of participants feel their organisation has enough
practices as we move towards a resources to achieve success in 2021.
more cloud-based organisation.’
In other comments, these areas
were mentioned as needing
bolstering: cybersecurity,
‘WE NEED MORE KNOWLEDGE
DevOps, project management,
testing, legacy systems
CENTRED AROUND ON-
knowledge, robot process
automation, SCCM knowledge
PREMISES INFRASTRUCTURE,
and general web skills.
WHICH REQUIRES A CHANGE IN
Some answers were around
culture issues, for example, DEVELOPMENT PRACTICES’
one commenter noted an issue
with employees’ ‘willingness Some also had a forward- ‘The sudden work practice changes
to learn and adapt in new and looking approach. One person of the coronavirus pandemic
emerging technologies. Staff was looking for ‘experience made a big leap in people’s
tend to become comfortable in Tameflow, a combination of understanding and adoption of
with existing technologies agile and theory of constraints digital, but it also highlighted how
and forget to learn about the approaches. Many of our IT much more there is to be done to
new stuff, which could offer developers are working on old bring the level of digital literacy
significant benefits.’ We need technology and use waterfall across the organisation up to a
them to ‘keep on top of change techniques. They will need training reasonable standard.’
in the IT and applications stack, in cloud-based technology,
finesse soft skills for customer agile methodologies, serverless
handling, have a general architecture and UX.’
knowledge of what is possible,
be multidisciplinary, understand Again, we had some sector-
commercial priorities and specific comments, such as:
understand digital consumer ‘We need a general awareness
behaviour.’ of how digital can improve the
many different roles across the
healthcare provision environment.
17BCS INSIGHTS 2021 REPORT
CYBER SECURITY:
SECURITY SPIDER-SENSE
In late 2020 BCS undertook its
first large scale research on the
cybersecurity issues we all face.
We asked members – both of KEY FINDINGS AT A GLANCE
BCS’s security specialist groups
and IT professionals in general • 37% of participants admitted that their organisation had
– about their view on the state detected or recorded a security incident during 2020. 25%
of IT security now. Nearly 700 stated that they hadn’t had a security incident. 22% didn’t
members responded with some know and 16% preferred not to say.
fascinating insights. • 42% of respondents believe their senior leadership team
have sufficient skill and knowledge to manage cyber risk.
The complexity of the 36% don’t think they do and 22% are neutral.
cybersecurity landscape makes • 61% of BCS members believe their senior leadership team
it a vital area of interest for understand what their organisation’s most valuable digital
all – whether in IT or not. In an assets are.
industry where a breach can • From a cybersecurity perspective, nearly half of
happen through well-intentioned respondents (49%) are concerned about the ongoing shift
mistake; or through highly to towards third party cloud computing infrastructure,
platforms and software as a service. 22% are not
organised criminal activity; or
concerned and 28% are neutral.
via a lone teenager hacker; or
• Nearly four in ten (39%) of those questioned feel that
through a state actor; or from a
their organisation affords security enough time and
disgruntled employee, the threat consideration when deploying products in an agile way.
surfaces are huge. 34% think that they don’t and 27% are neutral.
Add in legal compliance issues,
the speed of change, user
demand, the gap between
business leadership and
technical understanding and a
multitude of other considerations
and it obvious why BCS has such
a thriving security community.
18BCS INSIGHTS 2021 REPORT
So many discussions in tech Some of the harder skills listed That leads to some of the
seem to reduce to terminology. included: red teaming skills; softer skills mentioned, such as
Security is no different – so in-depth penetration testing, empathy and an understanding
we asked the question as to edge device protection and of user psychology. Of course,
whether it is important to make a security postmortem deep a lot of these things need to
distinction between ‘information forensics. Related deeper skills, converge. As one member
security’, ‘network security’ and or experience-related items, put it, we need ‘pragmatic
‘cybersecurity’ - 59% said it is. included finding ‘people who cybersecurity understanding in a
Leaving a significant proportion are real engineers and think business environment.’
in the ‘no’ and ‘don’t know’ solutions through properly,’ as
camps. Other answers had more described by one responder. Also The inherent tension here was
decisive outcomes. mentioned were an awareness highlighted in this comment:
of governance and how it ‘the bigger issue is getting
should fit in with the business; rounded people - it’s easier to find
SKILLS OUTLOOK general policy knowledge, and people with either very technical
As is to be expected there was a those X factors: a conceptual mindsets or very human centric
wide range of issues on the skills understanding of risk and a mindsets but harder to find both.’
gaps – both from the technical security ‘spider-sense’.
perspective and in relation to And, picking up a long-discussed
security understanding in the We need ‘HR people who have a hybrid issue, one commenter wrote
wider business. The specific scoobie-doo what security is and that we need, ‘people who can see
question we asked was around end to end and can communicate
that it is a profession based on the
what skills are most difficult to both up and down the business
rule of law,’ wrote one member.
recruit for. These ranged from both technically and nontechnically.’
And inevitably new staff cause an
hard security skills – an obvious
essential – to softer skills and issue, being, as one commenter
those surrounding integrating wrote: ‘unable to discern,
more effectively with the business. phishing, scam, peering and social
engineering and many other cyber
security threats.’
19BCS INSIGHTS 2021 REPORT
INCIDENTS IN 2020 Some of the free text answers What of the business’ reaction?
highlighted the implications The chart below lists the
Whilst an understandable 16% more graphically: for example the main responses, although
of respondents preferred not say incidence of ‘brand abuse’. Others one response in the free
whether their organisation had saw potential learning moments: text answers demonstrates
suffered a security incident this ‘Our controls caught it, so we a useful attitude to finding
year, 37% indicated they had. Of prevented the threat of financial
these, the top three consequences evidence of a breach: ‘we went
loss. We used the opportunity to back to look for more.’
were the 33% that underwent retrain the team on external threats
organisational disruption, with via phishing schemes.’
16% suffering website disruption
and/or loss of data.
AFTER THE EVENT WHAT DID YOUR BUSINESS DO ?
Investigate 71%
Change procedures 43%
Staff debrief 42%
Patch security software / infrastructure 41%
Provide extra training 38%
Blame a specific member of staff and apply any penalties 3%
Don't know / prefer not to say 9%
Other 9%
Source: BCS
20BCS INSIGHTS 2021 REPORT
• Pretty much everything. Here is a nicely balanced
concluding remark: ‘There is no
WHAT KEEPS YOU • Paranoia is a virtue in the IT
point panicking. It is important
security arena
AWAKE AT NIGHT? • Senior managers abrogating
to be doing the right things
One member felt that there exists and have the right support and
responsibility to junior
‘an endemic lack of interest in understanding around you to do
managers who make
creating a secure environment. an effective job.’
inappropriate risk decisions to
Security teams are severely limited avoid escalating issues
in their effectiveness if not supported
by other functions, such as change
• Blame culture ‘THERE IS
control, inventory management,
technical delivery teams.’
• Cyber security fatigue - people
acknowledge it is important NO POINT
Here are a selection of answers
but fail to act accordingly
• State actors
PANICKING. IT
to our ‘what keeps you awake at
night’ question:
• The volume of work! IS IMPORTANT
• Lack of awareness at
executive level across the TO BE DOING
• People in my organisation that organisation. Zero to little
make our work very difficult understanding of IT in any THE RIGHT
because they implement shape form or guise. No
security by ‘negating usability’ understanding of the impact THINGS’
• Security is too often treated like the loss of IT services would
a compliance issue, where some have. No coherent disaster
boxes have to be ticked in order recovery plans in the event of
to avoid too much scrutiny the loss of service(s).
• End of life software, poor patching • That someone has breached
• Transition to the cloud the systems and is laying low
... watching how things are
carried out in the organisation.
21BCS INSIGHTS 2021 REPORT
THE BIGGEST CYBER THREATS
Phishing 63%
Human error 62%
Social engineering 53%
Ransomware 50%
Insider threats 38%
Cloud vulnerabilities 31%
Nation-state adversaries 26%
Zero-day threats 23%
Advanced persistent threats 20%
Shadow IT 17%
AI-enhanced cyber attacks 13%
SCADA / crit'infrastructure attacks / kinetic attacks 13%
IoT based attacks 12%
Deep fakes 6%
The dark web 5%
Other 5%
Source: BCS
22BCS INSIGHTS 2021 REPORT
CLOUD CONCERNS Many of these issues will be • AI and redundancies in the
covered in our security pages cybersecurity profession
For a number of years now over the next few issues. The
BCS’ IT Leaders survey has • The potential for AI creating
BCS security specialist groups
shown security and cloud issues new jobs in cybersecurity
are filled with experts and run
have been neck and neck as a lot of events to pick up just • The risks of 5G
concerns. This is well reflected the sort of threads that are • Look out for the publication
in the spread of numbers to our mentioned above. But for this of the full report in the
question: ‘from a cybersecurity research there was more and e-newsletter and on MyBCS.
perspective how concerned are the forthcoming report will
you about the ongoing shift to also cover some other very
third party cloud computing interesting current issues:
infrastructure, platforms and
software as a service?’ 49% • Effective AI use in cybersecurity
marked this with very concerned, – now and in the future
or concerning. Only 6% had • Cybercriminals’ deployment
no concerns. Why? See the of AI.
illustration below…
WHAT CONCERNS YOU ABOUT THE CLOUD?
Breaches through misconfiguration 69%
Poorly implemented access controls 64%
The risk of data loss or leakage 63%
Unauthorised access to data via misuse of staff credentials 51%
Setting consistent policies/processes onsite and in cloud 42%
Compliance with Schrems II, GDPR and/or DPA (2018) 39%
Compliance 39%
Flawed APIs 35%
Other 9%
Nothing 3%
Source: BCS
23BCS INSIGHTS 2021 REPORT
ETHICAL DILEMMAS
‘WHEN I SEE FBCS IN THE EMAIL SIGNATURE…’
Late in 2020 BCS undertook
its annual survey of members.
Let’s start with a member
insight on track and trace… ‘A ‘I FIND
This year we followed the
pattern of recent surveys and
bidding process was run for the
selection of a vendor to provide ATTITUDES
asked the following question:
In the past year have you or
the track and trace application. I
was on the periphery, being asked TO SOFTWARE
your organisation faced ethical
dilemmas that you would be
by a participating party to help
assemble a development team. At TESTING BEING
willing to share? the time it was known that Apple
and Google had formed a joint
SEEN AS
The idea behind this is simply
to get a verbatim snapshot of
venture activity to build a track
and trace application that worked
OPTIONAL BY
recent experiences from those
who are willing to share. It is
across both their platforms.
The Google-Apple software was
CLIENTS VERY
not quantitative or definitive but
provides an opportunity to start
already in place in Germany and
other countries.
FRUSTRATING’
a conversation and get a feel for
The past year has seen a large-
what others may be facing. Some ‘However, the bid process
scale change in working practice,
of the comments are also not continued and selected a US
with attendant problems: ‘There
strictly about ethical situations, contractor to build a solution better
is an increased focus on this, but
some for example are more than the companies that make the
I still see a lot of presenteeism
clearly legal, but we have kept a phones (i.e. Google and Apple). As
and part-time workers are
selection of these in for the same an informed mobile technology
disadvantaged when working in a
reason – as a good starting point user, it was clear that no solution
project-based organisation. Hiring
for further consideration. that did not involve these two
is a big ethical issue and IR35 has
mobile phone manufacturers could
compounded this (i.e. is it right to
Main categories that came up be viable or work. However, there
pay twice as much to someone
were a mix of the contemporary was no way to prevent the waste of
doing the same job?). ‘
- COVID-19 and furlough, £13M of taxpayers’ money with the
the increasing profile of selected vendor (whose solution of
Here are some appetite
diversity concerns – through course did not work). It would have
whetters in the area of IT
to the ongoing – IT practice, been great if the BCS possessed a
practice:
management issues, business mechanism, body or process that
‘I find attitudes to software testing
processes and data concerns. could have stepped in and provided
being seen as optional by clients
the obvious reality (in the form
very frustrating. I used the analogy
This time we also had a good of advice) and potentially saved
that you wouldn’t publish a report
number of comments on personal taxpayers money.’
without spell checking it, however
ethics and professionalism –
the hours for testing are always
with some gratifyingly positive
the first thing to be cut.’
comments on the effect of BCS
and its approach.
24BCS INSIGHTS 2021 REPORT
‘The attitude to lawful protected
disclosures is generally to treat
responsible alarm raising as
though it were treacherous
criminal leaking. There is a
Parliamentary Group trying to
change this very bad attitude
towards improvements needed.
The ISC annual report para 17-
18 indicates there are no means
of responsible disclosure in-
confidence in the UK and this is
a dangerous state of imbalance.
The legal helpline service is not an
effective or adequate response.’
Diversity issues got a number of
mentions, too, this comment was
particularly encouraging: ‘The A theme throughout the And the link between BCS and
Black Lives Matter protests after comments were individuals professionalism is even more
the murder of George Floyd were a taking responsibility, which explicit in our two closing
wake-up call. I have realised how is clearly what BCS would comments:
little I have done over the past 40 encourage. Indeed, that is the ‘Let’s just say that I had to
years in this industry to understand point of professionalism. And remind my organisation/
racism and to help Black people. BCS has helped, as evidence by peers that as a Chartered IT
I am now working with a Black these remarks: Professional I was bound by the
organisation as a mentor, BCS Code of Conduct.’
supporting the Mentor Black ‘I was working in an organisation
Businesses initiative both through for almost a year where they were ‘I work as a technical conceptual
donations and as a volunteer, and not practicing ethically. It took time architect in a sales environment
aiming to hire Black people or for me to realise that and thanks and see a lot of great and poor
Black organisations whenever I to BCS, after realising that and left behaviour. When I see FBCS in the
have the opportunity to do so.’ the company.’ email signature I know they will
try to do a good job and uphold
Another member talked data ‘I have had to refuse to transfer standard and industry best practice.’
concerns: ‘I approached a well- of sensitive data to an external
respected resource within the organisation since it was illegal to There are many more comments
National Audit Office asking do so. However, were it not for my presented in the full report,
whether they believed it was BCS training I would not have been which also covers comments on
NAO’s responsibility to further management issues and some
aware that it was illegal in the first
data standards across the UK international considerations.
place. The module ‘professional
government. Their response was Members can view the BCS
issues’ is spot on.’
that it needed to be done, but for the Ethical Dilemmas 2021 mini-
last 12 years, focus and financing
Ethical trade-offs are an report on myBCS.
had been lacking, spotty and
unreliable. This is the ‘watchdog’ interesting idea: ‘Our products
body for the UK government. This were extensively used in the arms
speaks volumes about the platitudes industry. We would have preferred
across our industry.’ if this were not so. We resolved
this problem for ourselves by
charging less (or nothing at all) to
socially benign organisations.’
25BCS INSIGHTS 2021 REPORT
TAKING THE
TEMPERATURE:
SUSTAINABLE COMPUTING
ETHICS REGULATION And on a more specialised route planning; haulage sharing;
note: ‘The data and analytics drone deliveries to remote areas.’
Specifically, this question asked derived through satellite imagery, ‘Building management systems
members to give their views on aerial, and drone platforms will to optimise heating, lighting and
technologies they had seen that enable accurate reporting and ventilation.’
benefit the environment and accountability for ESG.’
should be used more widely. ‘Smart allocation of water/
Measuring and monitoring herbicides/pesticides to crops, to
Suggestions ranged from the came up repeatedly, here is a reduce the amount needed.’
prosaic to the specialised, for selection of related comments:
example, the first category: ‘The ‘For us at the BBC, being able Some people had an emotional
switch on a power socket. The to reduce our own datacentre and psychological benefit
idea of services being available footprint has been great for our mindset too. For example
24/7 is in many cases a bit daft energy consumption and green this suggestion, that we need
given that users tend to be asleep credentials. We tend to utilise ‘holographic displays so you can
7-10 hours of each day and that AWS which whilst isn’t perfect, get a real sense of being with
a lot of businesses are closed for enables us to offset some of that people without having to travel.’
longer. Just consider the domestic effort. Virtual meeting systems
modem, powered 24/7 in most have been great in reducing travel A final idea that came up
cases when its users may only be between sites (pre-covid) and several times is one making
conscious in the property for four essential during covid lockdown.’ some headway, especially
or 5 hours a day. We would never amongst IT folks: ‘Principle:
senselessly leave lights on in the ‘Myriad of measuring systems that repairable IT! Technology should
way we leave technology on.’ can help a genuine assessment: be repairable and upgradeable
Vehicle load management and as opposed being ditched for a
new model.’
KEY FINDINGS
• 40% of participants indicated that IT is used to meet their organisation’s ESG goals. 21% suggested that
IT isn’t used for this, and the rest were either neutral or their organisation did not have an ESG policy.
• 59% of respondents feel empowered as an IT professional to speak up on greener and more ethical
alternatives in their organisation’s tech strategy.
• Nearly half of those questioned (45%) think that the government should be the main driver of a
roadmap for IT and digital technologies that helps to achieve a greener, more sustainable society. The
second choice, relevant professional bodies, scored 18%.
26You can also read
