More than half (54 per cent) of organisations believe HR must take a lead on IT security in the workplace to boost cyber security and tackle data breaches, a recent report has found.
The survey of 452 global companies from Willis Towers Watson – How Boards Can Lead the Cyber Resilient Organisation – also discovered two-thirds (66 per cent) of respondents believed collaboration between HR and information security departments was key in tackling cyber breaches, as workforce vulnerabilities contribute to many cyber incidents.
“These findings are encouraging because they signal that more organisations are involving their HR function in addressing cyber risk,” Anthony Dagostino, global head of cyber risk with Willis Towers Watson, said.
“Organisations need greater collaboration between their chief human resources officers and information security officers to truly assess the organisational cultures driving cyber risk in the first instance.”
The research additionally found almost a third (29 per cent) of UK companies had experienced a serious cyber incident in the last year, which damaged operations, finance and company reputation. Almost one in five (18 per cent) believe they will suffer an incident in the next 12 months.
Meanwhile, another report published yesterday by the British Standard Institute’s (BSI) Cybersecurity and Information Resilience centre and GovNewsDirect found 77 per cent of UK public sector organisations had experienced a cyber security breach in the last year. More than a third (32 per cent) of these breaches were caused by staff error.
Stephen Bowes, head of solutions delivery and IT at BSI, said organisations needed to invest in training and education to increase awareness of data security challenges among staff and stakeholders.
“Different organisations are at different stages of their digital journey, and as the pace of IT innovation and digital transformation continues to quicken, there are inconsistencies in how prepared organisations are in the event of a cyber-attack or a data loss incident,” he said.
“Data is as important to public services as personnel and physical infrastructures, and everyone has a responsibility to protect it.”
However, Dagostino added: “The solution isn’t always more security awareness training. It could be a leadership or incentives and rewards issue, things that fall squarely within the function of the chief HR officer.”