As we enter Neurodiversity Celebration Week it is important that we consider why this week matters. For many people, it is an opportunity to spread awareness of neurodiversity, how it affects individuals, and how neurodivergent people experience the workplace and society more broadly.
However, awareness alone is insufficient.
In a world where only 31-34% of autistic people are employed it is important that we assess what it is we do with that awareness. How do we translate understanding into practical changes that create environments where people can perform at their best?
One of the most meaningful ways to do this is through the way we lead and structure our work. This applies in the literal sense of being a leader at work, but also in the operational design choices that shape how teams collaborate, make decisions, and manage risk. Once we understand this better, we can turn our awareness of neurodiversity into action.
Why Inclusion Is a Security Issue
The steps we take towards inclusivity aren’t just for the benefit of neurodiverse individuals; they’re for the benefit of your entire business.
Cognitive diversity can often bring many new perspectives that can help your business operations, particularly when it comes to security discussions such as risk management. Different ways of analysing information or questioning assumptions can help uncover risks that may otherwise go unnoticed.
However, when these discussions are unstructured, we can unintentionally close ourselves off to valuable perspectives that could contribute immensely to our understanding of different areas of the business and how to keep them secure. Fast-moving conversations, unclear expectations, or informal decision-making can make it harder for some people to contribute their thinking effectively.
Security teams also frequently operate in high-pressure environments. During situations such as incident response, the clearer and more predictable a process is, the more confidently teams can respond.
In many ways, the operational practices that support inclusion are also the same practices that strengthen governance, risk management, and security maturity.
Five Practical Actions Security Leaders Can Take
As with many infosec processes, we believe simplicity and sustainability are often the best way forward. That being said, here are five simple and practical steps that security leaders can take to create a more inclusive and effective working environment:
1. Introduce Structure Into Risk Workshops and Meetings
- Circulating agendas in advance – This allows people to prepare their relevant thoughts on the topics of the workshop or meeting in preparation for the discussion. Often neurodiverse people communicate more confidently when they have what they want to say prepared beforehand. Providing agendas in advance allows everyone to prepare their contributions and engage more confidently in discussions.
- Sharing materials before discussions – Similar to above, this allows people to prepare for any discussion prior to the meeting. It also helps to erase any dominance bias especially when it comes to inclusion/exclusion of information. This allows people to do their own research beforehand or afterwards if this is a more effective way for them to retain information. It also gives them the opportunity to bring any of this research, or questions that have arisen from it to the discussion.
- Allowing written input alongside verbal discussion – Giving people the option to communicate in writing alongside verbal communication allows teams to cater to different communication styles. Some people may not feel confident speaking on a call and would prefer to plan and write out what they want to say so they can amend it to get their point across effectively. Allowing follow-up comments or written contributions after meetings can also encourage more thoughtful responses and improve the overall quality of feedback.
2. Prioritise Clear, Written Communication
Clear written communication benefits everyone in an organisation, but it is particularly valuable in security and compliance environments where accountability and traceability matter.
- Documenting decisions and rationales – This reduces ambiguity on decisions made, who is accountable for them, and the reasons they have been put in place. It also helps people adjust to decisions quicker if they can see the intended outcome. This can be particularly helpful to neurodiverse people who struggle with unforeseen changes. It also strengthens governance oversight by creating a clear record that can be referenced later or reviewed during audits.
- Defining expectations clearly – People often feel more confident in their work when expectations are clearly defined. This helps individuals understand what success looks like and how their responsibilities contribute to wider organisational goals. Clear expectations also make it easier for employees to take ownership of their work, and give them the tools to advocate for themselves on that basis.
- Reducing reliance on informal verbal updates – Informal verbal updates can easily be missed, misinterpreted, or forgotten. Ensuring they are clearly documented in a place that can be referenced ensures that the information is reached and retained long term, by employees or an auditor.
3. Clarify Roles in Incident Response Plans
Incident response environments can be high-pressure, and uncertainty can quickly create confusion. Clear roles and responsibilities help ensure that teams can respond quickly and confidently.
- Explicit role definitions – Knowing exactly who is responsible for what in a high-pressure environment can help alleviate the stress individuals may be feeling and allow them to focus solely on what they are responsible for. It also lessens the risk of confusion or of responsibilities being overlooked.
- Clear escalation paths – Knowing who you can turn to when you need to is often reassuring for employees. It means they never feel like they have to deal with anything alone and that there is support no matter their needs. It also gives managers good organisational visibility, whilst clear escalation paths ensure issues reach the right level of authority quickly.
- Defined decision authority – Making decisions during security incidents can be daunting, particularly when those decisions may have significant consequences. So, knowing who has decision authority in set circumstances helps employees to move more quickly and means the right person can make the right decision quicker.
4. Provide Multiple Formats for Training and Policy Engagement
Security policies, training, and compliance guidance are most effective when people can engage with them in ways that work best for them.
- Written guidance – A lot of people process information better when given the opportunity to ingest the information at their own pace in their own time. It also means that the information can be referred to in order to refresh memory or in times of high stress. This allows the guidance to be retained more accurately, and long term.
- Recorded briefings – Some people, such as those with dyslexia, may struggle to take in written communication. This is why recorded briefings or recordings of meetings can be a much more helpful format for some to go back and refer to this information. It also means any of the information that needs to be passed on from the briefing can be passed on easily, allowing sometimes important information to reach the places that it needs to, whenever it needs to.
- Structured documentation – Adding structure to your documents, including but not limited to a table of contents and headings, can make your information easier to digest, especially if it is being read over a period of time and referred back to, as it ensures people are able to navigate the information in the way they need at the time. This is particularly helpful for compliance documentation where employees may need to reference specific sections quickly.
5. Enable Asynchronous Contribution
Not all valuable contributions happen in real time. Allowing people to contribute asynchronously can improve the quality of feedback and decision-making across security and compliance discussions.
- Shared documents for feedback – Shared documents allow team members to add comments, questions, or suggestions in their own time. This often encourages more thoughtful input than fast-moving discussions alone.
- Structured digital tools – Using structured tools such as ticketing systems, risk registers, or collaborative platforms can provide clear channels for feedback and contributions. These tools also help create traceable records of discussions and decisions.
- Clear deadlines for input – Clear deadlines allow people to comfortably plan their work and manage their contribution. It also means that if there are any issues they can ensure they are able to communicate this in a timely manner. Being able to prioritise your work and plan your working day can often make work less stressful for neurodivergent people who have difficulty with uncertainty and change.
You may notice that many of these steps are not exclusive to supporting neurodivergent individuals, but support pretty much anyone in your business.
This is because neurodivergent people are not too different from neurotypical people in a lot of ways. Often people feel more comfortable with several options with regards to how they work, and inclusive design is about making sure we have options for everyone, not just one single group or way of working.
Measuring inclusion through feedback and embedding review into governance cycles ensures that we are giving every employee in our organisation the opportunity to perform at their best, and to feel their best doing so. It is about not being rigid in the way we treat people but honouring that everybody works best differently. It is not a one-size-fits-all option and requires continuous review and improvement.
From Awareness to Operational Action
As mentioned, awareness is just the starting point. It is through the action we take on the basis of that awareness, in how we work, how we structure our organisation, and how we treat others, that we demonstrate a real investment in inclusivity and the benefits that come with it.
Including different ways of learning, thinking, and communicating allows organisations to benefit from a broader range of perspectives, which can be critical when it comes to security and compliance.
Security leaders can lead the way on this by embedding inclusion into operational design. This isn’t just a token gesture, but an intuitive and progressive way forward for the entire running of an organisation. Inclusion strengthens resilience and governance maturity by making sure everybody is able to understand and demonstrate their role in the organisation in the way that works best for them.
The fact of the matter is, we often don’t know if somebody is neurodiverse or not unless they decide to speak on it. But it is our responsibility as leaders to make sure that everybody has the tools they need to feel happy and comfortable at work as this is the best way to work towards our shared goals.
By designing systems that recognise different ways of working and learning, organisations not only support their people but also strengthen their ability to manage risk, respond to incidents, and achieve their shared goals. This is not just possible; it is the best decision you can make for your organisation.
Expand Your Knowledge
- Discover how ISO 27001 Clauses 6.3 and 5.2 can support inclusive practices in your ISMS.
- Blog – Leadership Strategies for Balancing Security Workloads and Compliance Success
- Blog – Beyond Representation – Why Inclusion Is a Business-Critical Risk Strategy










