Why HR’s role in cyber risk management is growing

Many businesses make the mistake of thinking that cyberattacks only target bigger, higher-profile companies, simply because those stories garner news coverage.

The reality? Small businesses are the most at risk of attack.

Attackers look to take advantage of smaller IT and training budgets, hunting for vulnerabilities that can be exploited for financial gain.

This blog explores the increasing role of HR in cyber risk management and how it helps create a stronger defence for organisations.

The role of HR in cybersecurity

While IT provides expertise in deploying technical security controls, such as antivirus and antimalware software, firewalls, and SSL certificates, HR is the expert in policies and people.

One of the biggest risks to an organisation’s cybersecurity is employee error, covering both accidental mistakes and deliberate data security breaches.

A university study found that employee mistakes cause 88% of data breach incidents.

Therefore, HR has a significant role to play in developing a culture of employees who are cyber risk-averse and display the required behaviours to help keep the organisation protected from cyberattacks.

Why the role is growing

Historically, protecting IT systems was seen as a problem for the IT department, and HR would have minimal involvement in cyber risk management.

However, more organisations are realising that HR has a crucial role in helping them establish strong cyber risk management processes.

How HR can help develop a culture of cybersecurity

While IT teams diligently defend against digital threats, HR plays a vital role in ensuring the entire company is equipped to minimise errors and enhance cyber resilience.

By promoting a positive cyber culture, HR lightens the load on IT, reducing breaches, costs, and downtime.

  • Awareness and education: HR can drive cybersecurity awareness by conducting comprehensive training and providing access to webinars, ensuring all employees understand its importance.
  • Learning and adaptation: HR can facilitate regular workshops and upskilling opportunities in cybersecurity, enabling employees to adapt to evolving threats effectively.
  • Overcoming challenges: HR can address resistance to change by fostering open communication and transparency about cybersecurity, ensuring alignment with organisational objectives.


How HR can develop a high-quality cybersecurity risk management framework
HR should ensure that comprehensive company policies, such as those related to information security, social media use, and cybersecurity, are in place.

Although the IT team will have the main responsibility for writing policies that sit within their domain, HR should have a policy management process to ensure that policies are kept up to date and are easily accessed by employees – for example, published on the company intranet site.

Setting data and access controls

Another area where HR can support cybersecurity is ensuring that access levels are appropriate.

Access to systems and data should be restricted so that only those who genuinely need data for their job responsibilities can reach it (the principle of least privilege), and access should be adjusted as people join, change role, or leave.
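One practical way HR and IT can act on this is a periodic access review that reconciles the HR roster against the accounts and permissions actually granted in systems. The script below is an added example, not code from the original post or from Bob’s Business; the roles, permission names, employees and accounts are constructed for illustration, and the role-to-permission baseline is assumed to have been agreed between HR, IT and the data owners.

```python
"""Access review helper: reconcile system accounts against the HR roster.

Added example (not from the original post). Inputs are constructed:
an HR roster (who is employed, in which role, active or left) and an
export of system accounts with their granted permissions.
"""
from dataclasses import dataclass

# Permissions each job role legitimately needs (constructed least-privilege
# baseline; in practice agreed between HR, IT and data owners).
ROLE_ENTITLEMENTS = {
    "payroll_clerk": {"read:payroll", "write:payroll"},
    "sales_rep": {"read:crm", "write:crm"},
    "it_admin": {"read:crm", "read:payroll", "admin:servers"},
}


@dataclass(frozen=True)
class Employee:
    name: str
    role: str
    active: bool  # False once HR has processed the leaver


@dataclass(frozen=True)
class Account:
    username: str
    owner: str  # employee name the account belongs to
    permissions: frozenset


@dataclass
class Finding:
    username: str
    issue: str
    detail: str = ""


def review_access(roster, accounts):
    """Return findings for: accounts with no HR record (orphaned), accounts
    of leavers still enabled, and permissions beyond the owner's role."""
    people = {e.name: e for e in roster}
    findings = []
    for acct in accounts:
        emp = people.get(acct.owner)
        if emp is None:
            findings.append(Finding(acct.username, "orphaned", "no matching HR record"))
            continue
        if not emp.active:
            findings.append(Finding(acct.username, "leaver_still_enabled", emp.name))
            continue
        allowed = ROLE_ENTITLEMENTS.get(emp.role, set())
        excess = acct.permissions - allowed
        if excess:
            findings.append(Finding(acct.username, "excess_permissions",
                                    ",".join(sorted(excess))))
    return findings


# Constructed sample data: one clean account, one mover who kept old access,
# one leaver whose account is still enabled, and one orphaned service account.
ROSTER = [
    Employee("Alice", "payroll_clerk", True),
    Employee("Bob", "sales_rep", True),
    Employee("Carol", "it_admin", False),  # left last month
]
ACCOUNTS = [
    Account("alice", "Alice", frozenset({"read:payroll", "write:payroll"})),
    Account("bob", "Bob", frozenset({"read:crm", "write:crm", "read:payroll"})),
    Account("carol", "Carol", frozenset({"admin:servers"})),
    Account("svc_legacy", "Dave", frozenset({"read:payroll"})),  # no "Dave" in HR
]


def run_sample():
    """Run the review over the constructed data and return the findings."""
    return review_access(ROSTER, ACCOUNTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.username}: {f.issue} ({f.detail})")
```

The value of the check comes from the HR roster being the source of truth: IT's account export alone cannot tell that Carol has left or that Bob changed role, which is exactly the information HR holds. Running this reconciliation on a schedule (and on every leaver or role change) turns the policy statement into a repeatable control.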

Background checks

Internal fraud is a problem that can lead to data breaches, and HR can implement strict screening processes when recruiting, such as background checks and references.

This can help to detect candidates who represent a higher risk to the organisation.

Training and regulatory compliance

HR is responsible for regulatory compliance, including mandatory training.

Traditional regulatory compliance training is not always effective for organisations seeking to increase employee knowledge and develop a culture of high cybersecurity awareness.

Remember, almost 90% of breaches start with simple human error!

Incident response planning

HR has a vital role in maintaining incident response plans. Working closely with IT and other departments, HR selects suitable individuals for key roles within the incident response team.

HR also oversees their actions to ensure they fulfil their duties effectively during incidents. This careful oversight ensures the response team is prepared to handle cybersecurity incidents as they occur.

How Bob’s Business can help your organisation

Bob’s Business is committed to ensuring not only the effectiveness of your IT defences but also the readiness of your employees.

We work closely with your HR team to identify organisational vulnerabilities and provide tailored courses that can be delivered to employees.

By leveraging our expertise and innovative approach, we empower organisations to navigate the complexities of cybersecurity with confidence.

With Bob’s Business by your side, you can effectively minimise errors, reduce breaches, and mitigate the impact of cyber incidents on your business operations.
