HR should take the lead in developing cyber resilience, report finds

6 Sep 2018 By Emily Burt

Working with IT teams could reduce the risk of data breaches caused by employee error

More than half (54 per cent) of organisations believe HR must take a lead on IT security in the workplace to boost cyber security and tackle data breaches, a recent report has found. 

The survey of 452 global companies from Willis Towers Watson – How Boards Can Lead the Cyber Resilient Organisation – also discovered two-thirds (66 per cent) of respondents believed collaboration between HR and information security departments was key in tackling cyber breaches, as workforce vulnerabilities contribute to many cyber incidents. 

“These findings are encouraging because they signal that more organisations are involving their HR function in addressing cyber risk,” Anthony Dagostino, global head of cyber risk with Willis Towers Watson, said. 

“Organisations need greater collaboration between their chief human resources officers and information security officers to truly assess the organisational cultures driving cyber risk in the first instance.” 

The research additionally found almost a third (29 per cent) of UK companies had experienced a serious cyber incident in the last year, which damaged operations, finance and company reputation. Almost one in five (18 per cent) believe they will suffer an incident in the next 12 months. 

Meanwhile, another report published yesterday by the British Standard Institute’s (BSI) Cybersecurity and Information Resilience centre and GovNewsDirect found 77 per cent of UK public sector organisations had experienced a cyber security breach in the last year. More than a third (32 per cent) of these breaches were caused by staff error.

Stephen Bowes, head of solutions delivery and IT at BSI, said organisations needed to invest in training and education to increase awareness of data security challenges among staff and stakeholders. 

“Different organisations are at different stages of their digital journey, and as the pace of IT innovation and digital transformation continues to quicken, there are inconsistencies in how prepared organisations are in the event of a cyber-attack or a data loss incident,” he said. 

“Data is as important to public services as personnel and physical infrastructures, and everyone has a responsibility to protect it.” 

However, Dagostino added: “The solution isn’t always more security awareness training. It could be a leadership or incentives and rewards issue, things that fall squarely within the function of the chief HR officer.”

People Director

People Director


Circa £75,000


Senior HR Business Partner x2

Senior HR Business Partner x2

UAL - High Holborn, London UK

£52,073 - £62,900 per annum

University of the Arts, London

HR Business Partner

HR Business Partner

LCC - Elephant and Castle, London UK

£45,603 - £54,943 per annum

University of the Arts, London

View More Jobs

Explore related articles