The role of HR leaders in cyber security

An organisation’s cyber security isn't just the responsibility of your IT department. Information security isn't just about technology; it involves people, which is why HR leaders are increasingly asked to get involved.

The UK’s 5.4 million small businesses are collectively attacked more than seven million times a year. Ensuring you have a workforce which understands the importance of information security is crucial to protecting your firm from the expanding threat vector.

For HR professionals, purpose-driven teamwork with internal and external experts is one important way to reduce your human-related security risks.

1. Employee understanding

Hackers are a major threat to your organisation, but they are not the worst thing you’re up against. Your employees are your single biggest risk. Studies have revealed that insiders cause the largest percentage of security risks. While some of these incidents are malicious or involve criminal collusion, the vast majority are related to simple, preventable mistakes. Employees could innocently click a link in an email or download malware because they lack the knowledge to identify a threat.

Today, 68% of UK businesses have no staff training for cyber attacks. HR must work with their IT department or external vendors to develop regular awareness exercises for employees.

 

2. Effective policies and HR documents


Within an organisation that has achieved a culture of strong understanding around information security, the individual's responsibility to protect sensitive data should be clear. This is where HR can collaborate with your internal or external IT department on how to bring documentation up to date.

If your HR documentation fails to address information security, it may need to be revised to include:

- Acceptable technology use
- Password format and changes
- Employee ethics
- Data protection responsibility and practices


3. Crisis management planning


If your organisation is ever subject to a security breach, restoring operations quickly can be vital to ensuring minimum revenue loss and maintaining client trust. Business continuity is typically an organisation-wide effort; however, HR may be called upon to support efforts to educate employees on crisis behaviour and analyse the "people" side of disaster recovery.

What does the future bring?

Some experts, including IBM Analyst Diana Kelley, believe it's not a question of "if" your organisation will suffer a security incident, but "when." Organisation-wide efforts can mitigate your firm's financial loss and prepare you for the best response possible.

As an HR leader, you have the potential to immensely reduce risks by supporting security initiatives, improving employee awareness through training and bringing HR documentation up to date. Internal collaboration matters, but external collaboration with IT consultants or talent sourcing experts can also deliver value. Information security requires technical and human safeguards, and making sure your policies, people, staffing and documentation are up to par is a critical method of reducing your risks.
  
Sources:
https://www.ukbusinessit.co.uk/68-of-uk-firms-not-trained-against-cyber-attacks/
https://www.iod.com/cyber-security-for-your-business/articles/7-shocking-facts-about-cyber-crime-and-uk-business

 

About the author

Jason Willis - Divisional Manager