HR should take the lead in developing cyber resilience, report finds
By Emily Burt
Working with IT teams could reduce
the risk of data breaches caused by employee error.
More than half (54 per cent) of
organisations believe HR must take a lead on IT security in the workplace to
boost cyber security and tackle data breaches, a recent report has found.
The survey of 452 global companies
from Willis Towers Watson – How Boards Can Lead
the Cyber Resilient Organisation – also discovered two-thirds (66
per cent) of respondents believed collaboration between HR and information security
departments was key in tackling cyber breaches, as workforce vulnerabilities
contribute to many cyber incidents.
“These findings are encouraging
because they signal that more organisations are involving their HR function in
addressing cyber risk,” Anthony Dagostino, global head of cyber risk with
Willis Towers Watson, said.
“Organisations need greater
collaboration between their chief human resources officers and information
security officers to truly assess the organisational cultures driving cyber risk
in the first instance.”
The research additionally found
almost a third (29 per cent) of UK companies had experienced a serious cyber
incident in the last year, which damaged operations, finance and company
reputation. Almost one in five (18 per cent) believe they will suffer an
incident in the next 12 months.
Meanwhile, another report published yesterday by the British
Standard Institute’s (BSI) Cybersecurity and Information Resilience centre and
GovNewsDirect found 77 per cent of UK public sector organisations had
experienced a cyber security breach in the last year. More than a third (32 per
cent) of these breaches were caused by staff error.
Stephen Bowes, head of solutions
delivery and IT at BSI, said organisations needed to invest in training and
education to increase awareness of data security challenges among staff and
“Different organisations are at
different stages of their digital journey, and as the pace of IT innovation and
digital transformation continues to quicken, there are inconsistencies in how
prepared organisations are in the event of a cyber-attack or a data loss
incident,” he said.
“Data is as important to public
services as personnel and physical infrastructures, and everyone has a
responsibility to protect it.”
However, Dagostino added: “The
solution isn’t always more security awareness training. It could be a
leadership or incentives and rewards issue, things that fall squarely within
the function of the chief HR officer.”