In today’s hyper-connected business world, cybersecurity is no longer solely the domain of IT. As cyber threats escalate in sophistication, driven significantly by advancements in Artificial Intelligence (AI), the Human Resources (HR) function is emerging as a critical partner in building a resilient organizational defense. HR’s unique position as the custodian of employee well-being and organizational culture makes it indispensable in mitigating risks and fostering a security-aware workforce.
There are many ways to mitigate risk in cybersecurity, but at OrgShakers, we believe that training, and HR’s role in it, is vital for cybersecurity risk mitigation.
Recent data underscores the urgency of this collaboration. According to 2024 figures from the Office for National Statistics, cybersecurity is a high priority for senior management in 75% of businesses and 63% of charities. Despite this heightened awareness, the threat remains substantial: half of all businesses (50%) and approximately a third of charities (32%) in the UK reported experiencing a cyber security breach or attack in the 12 months leading up to April 2024. The average cost of a data breach globally reached an all-time high of $4.88 million in 2024, with business disruption and post-breach customer support driving a 10% cost jump from 2023. These figures highlight that technical solutions alone are insufficient; the human element, which accounts for 68% of breaches when excluding malicious privilege misuse, is the most significant vulnerability and the first line of defense.
AI has dramatically altered the cybersecurity landscape, posing both new challenges and opportunities. While AI-powered tools are being leveraged by defenders for threat detection, automated response, and predictive analytics, cybercriminals are also harnessing AI to craft more convincing and scalable attacks. This “AI vs. AI” dynamic is pushing the cybersecurity field towards an arms race.
For HR professionals, the implications are profound. AI-driven attacks have made traditional phishing exercises far more potent. Scammers can now use AI to clone voices from short audio clips or generate “deep fakes” – fake photos and videos – to make social engineering tactics incredibly convincing. This means employees are facing increasingly sophisticated attempts to trick them into revealing sensitive information or installing malware. For instance, fake contracts of employment, complete with company logos and relevant information extracted from public websites, are now being used in highly authentic-looking scams. Social media also presents an added risk, with new hires often targeted by phishing scams as they are perceived as less familiar with internal processes.
HR and cybersecurity have an opportunity to go hand in hand. HR’s involvement in cybersecurity initiatives is not merely beneficial; it is imperative. By integrating cybersecurity into various HR functions, organizations can significantly bolster their defenses:
Despite the critical need, a significant gap exists in employee cybersecurity education. A 2024 global poll revealed that 40% of employees have never received cybersecurity training from their organization, and only 27% believe their organization’s security measures are very secure. Even when training is offered, engagement can be low due to an “it won’t happen to me” attitude or a lack of understanding of the seriousness of threats. This oversight can be devastating, as demonstrated by incidents like the 2022 NHS phishing campaign that compromised over 130 email accounts.
To truly “land” cybersecurity training, HR professionals must adopt a continuous, engaging, and relevant approach:
The convergence of HR and cybersecurity strategies is not just beneficial; it is a strategic imperative for organizations navigating the increasingly complex digital landscape. As AI empowers cybercriminals with more sophisticated attack vectors, the human element becomes simultaneously the greatest vulnerability and the most potent defense. HR professionals, by leveraging their expertise in talent management, policy development, and cultural influence, are uniquely positioned to transform employees from potential weak links into a robust, security-aware human firewall. At OrgShakers, we recognize the critical synergy between HR and cybersecurity. By fostering a collaborative environment, strengthening recruitment protocols, implementing clear policies, championing continuous and engaging training, and proactively addressing insider threats, HR can significantly enhance an organization’s overall cybersecurity posture. We are committed to helping you usher in a new era of collaboration between HR and cybersecurity teams, synergizing your efforts to strengthen defenses and build a future where the security and well-being of your organization are mutually reinforced. If you would like to discuss creating a comprehensive cybersecurity roadmap in conjunction with your HR function, please get in touch with us today!