February 8, 2016
Human resources has a key role to play in improving the cyber security of UK workplaces. That is the key challenge addressed by a new joint initiative from the Chartered Institute for Personnel and Development and the Department of Culture, Media and Sport. Data breaches, which cost companies up to an average of £1.46 million, are often a result of human error and malice, according to the CIPD. The initiative includes a free online course called Cyber Security for HR Professionals, part of a wider effort to promote the importance of cyber security at work and the critical role that HR has to play in ‘mitigating the competency and behavioural risks present in the workplace’. Government figures released last year indicated that the costs associated with the most severe breaches now start at £1.46 million for large businesses, up from £600,000 in 2014, and can reach up to £310,000 for small businesses, up from £115,000.
The research also claims that most breaches are staff related, resulting from employees’ inadvertent use of technology, whether through not understanding the risks, making mistakes or failing to comply with organisational policies. This highlights the need for stronger engagement and connections between the HR, IT and security communities, focused on what is increasingly seen as one of the most significant and growing risks that organisations of all kinds face.
Minister for Culture and the Digital Economy, Ed Vaizey, said: “HR professionals handle sensitive personal data so it’s crucial they are able to protect this properly. They are also responsible for recruiting, managing and developing the workforce in most organisations, so are in the perfect position to help colleagues understand cyber security. The new e-learning module we’re launching with the CIPD will help the HR profession tackle cyber threats and help keep our citizens and businesses safe in cyber space.”
The CIPD’s latest HR Outlook report highlights how nearly half of non-HR leaders (46%) and two-fifths of HR leaders (38%) include risks to cyber security of one form or another among their top three technology-related issues. To address this, the CIPD has been engaging with a number of communities and organisations including the Government, CPNI and influential groups like SASIG on the issue to promote greater awareness and understanding.
The ‘Cyber Security for HR Professionals’ module is funded by the Government’s National Cyber Security Programme, which aims to improve cyber security skills and make the UK the safest place to do business online. The free e-learning module aims to help HR professionals protect themselves and sensitive HR data, help educate the wider workforce on the risks and individuals’ role in preventing them, and explain to staff how a culture of care can protect the business as a whole.
Peter Cheese, CIPD chief executive, said: “Risk is fundamentally down to how people make decisions and judgements and, while most people won’t do this with malicious intent, businesses can still be left exposed. More secure technology, of course, is part of the solution, but organisations need to think much more broadly and consider how they are equipping their employees with the knowledge and understanding they need to help to protect their organisation and its data. Understanding behavioural risk may lead to greater use of technology to monitor people and their actions at work, but it’s important that we balance that with the right ethical considerations and trust and empowerment of employees. We also need to look at the cultures and systems in place that can lead people to make mistakes that expose organisations to risks, whether this is a long-hours culture or people simply not having the tools to do their jobs properly. We’re very pleased to be working with the Department for Culture, Media and Sport on this important agenda which will only continue to grow in significance as the workplace grows ever-more digitised.”