Human Resources as a Stakeholder in Cyber Risk Management

Alaa Abdulrhman Alamoudi
DOI: 10.4018/978-1-7998-9815-3.ch004

Abstract

The regulatory and cyber risk landscapes are reshaping the role of human resources. As a result, information security/information technology (InfoSec/IT) professionals are increasingly being asked to assist organisations in determining and enforcing employee data permissions, training employees on cybersecurity policies, and assisting with employee-related cyber incidents in order to be prepared for any kind of cyber attack. This chapter delves into the role of HR in managing cyber risk and provides recommendations on how organisations can manage cyber risk effectively to support their HR departments.
Chapter Preview

Introduction

Information security and information technology (InfoSec/IT) professionals are increasingly being asked to assist organisations in determining and enforcing employee data permissions, training employees on cybersecurity policies, and assisting with employee-related cyber incidents (Ma, 2021). Increased employee reliance on technology and devices, combined with a greater emphasis on cybersecurity as an organisational value, has contributed to increased human resource involvement. HR is also responsible for managing data disclosures and breaches. As a result of these incidents, businesses may incur significant financial losses, face legal action, and lose the trust of their customers. Employees' initial (and final) contact with human resources is critical for establishing and maintaining a robust cybersecurity culture. As the value of cybersecurity training for employees has grown, human resources has taken a greater role in developing training sessions (Thuraisingham, 2020).

Figure 1. Cyber security trends (Marsh, 2020)

Employee data and security practices are critical in determining an organisation's overall security. According to Mercer's 2020 Global Talent Trends Study, more than six in ten executives (62%) believe that the greatest threat to their organisation's cybersecurity is not hackers or vendors, but rather their employees' failure to follow data security rules (Marsh, 2020). Despite this, a recent survey conducted by Marsh and Microsoft discovered that human resources is rarely the primary owner or driver of cyber risk management, as over 88% of businesses continue to delegate cyber risk to information technology/information security, which is then delegated to risk management, legal, and finance (Marsh, 2020). This situation must be corrected. Even in a remote work environment, it is critical for data and technology risk management to have a strong partnership between information security, information technology, and human resources (Ali & Edghiem, 2021). In four critical areas, the regulatory and cyber risk landscapes are reshaping the role of human resources (Trim & Lee, 2016). Therefore, this chapter explores the role of HR in cybersecurity, with particular emphasis on cyber risk management and recommendations to manage such risk.
