AI, Automation and the Employee: Preparing Staff for New Cyber Risks

October marks Cybersecurity Awareness Month, and this year it feels particularly timely to shine a light on one of the fastest-emerging challenges for organizations: the risks introduced by AI and automation.

Generative AI tools and automated workflows are becoming embedded across industries. They promise efficiency, creativity, and speed, but they also bring new vulnerabilities that many employees (and even leaders) aren’t fully prepared for…and this is where HR has a critical role to play.

New Risks in the AI Era

AI is reshaping the threat landscape in ways that feel both familiar and unfamiliar. A few examples include:

• Deepfakes and voice cloning – fraudsters now use realistic AI-generated content to impersonate executives or colleagues, tricking employees into transferring funds or disclosing sensitive information.
• Prompt injection and manipulation – staff experimenting with generative AI tools could unknowingly expose confidential data or be misled by manipulated prompts that skew outputs.
• Data leakage – employees may paste sensitive client or company data into public AI tools, unaware that this information could be stored, reused, or exposed.
• Automated phishing – attackers can now scale and personalise phishing campaigns with AI, making them more convincing than ever.

Why HR Must Step In

These risks can’t be managed by IT and cybersecurity teams alone. They are fundamentally people risks that are shaped by behaviour, awareness, and culture. HR sits at the intersection of policy, training, and employee engagement, making it essential to bring staff along in this new era of digital work.

So, what are some practical steps that HR leaders can take?

• Update training – go beyond traditional phishing awareness and include AI-specific risks, showing staff real examples of deepfakes or AI-driven scams.
• Set clear guidelines – develop policies on what data can (and cannot) be used in AI tools, and make these practical rather than overly restrictive.
• Promote a safe culture – encourage employees to report suspicious AI content without fear of blame. Curiosity and openness should be rewarded, not punished.
• Collaborate with IT – jointly design simulations and awareness campaigns that feel relevant and engaging, rather than purely technical.
• Lead by example – HR leaders using AI responsibly in their own work send a powerful signal that awareness starts at the top.

Looking Ahead

AI and automation aren’t going away – if anything, their presence in the workplace will only accelerate. The organisations that thrive will be those that empower their employees to use these tools safely and responsibly.

As we mark Cybersecurity Awareness Month, the message is clear: technology may evolve quickly, but people remain at the heart of cyber resilience. If you would like to discuss how we can help ensure your staff are trained and well-versed in cybersecurity practice, please get in touch with me at sayid@orgshakes.com