The internal employee threat is still a leading cause of data breaches. According to the latest report
by the Office of the Australian Information Commissioner (OAIC), over a third of the 518
notifications it received over January-June 2020 (34 per cent) were caused by human error. This is
likely to increase as companies continue to work remotely during the pandemic.
Each cyberattack is costing Australia an average of $3.9 million. Organisations cannot afford to
continue allowing preventable attacks to take place when resources to protect against human error are
available. As such, cybersecurity education and training must be re-evaluated to ensure all
employees remain cyber-vigilant while working from home.
While technologies such as firewalls and endpoint protection have a clear role to play in keeping
organisations safe, employee education is one of the best ways an organisation can mitigate
cyber threats and manage risk. Technology alone isn’t enough; organisations must develop a culture
of cybersecurity awareness, education, and training, which is impossible to achieve without the help
of senior HR leaders.
Driven by the COVID-19-accelerated move to remote working, HR leaders are increasingly
collaborating with IT leaders to devise policies, frameworks and training to better support and
educate employees on how to be cybersecurity-aware. At the same time, HR has a clear role in
helping to fill the cybersecurity talent pool gap to ensure organisations maintain a strong security
posture. It’s estimated nearly 17,000 more cybersecurity workers are needed by 2026 and HR
professionals will play a pivotal role in helping to close the skills gap.
Evaluating the skills gap issue
According to our research, inadequate education, leadership and funding are major barriers to
Australia’s cybersecurity preparedness. Across Australia, most business decision-makers believe a
lack of security expertise is a challenge for their organisation, with 65 per cent observing recruitment
of skills to be a struggle.
Compounding these issues is the apparent confusion over cybersecurity responsibility within
organisations and a lack of understanding of the specialist skills required. A common oversight is
tasking IT staff with cybersecurity in addition to their other key responsibilities, rather than treating
cybersecurity as a role in itself. This is where it is critical for senior HR and IT leaders to closely
collaborate to determine specific skills requirements.
How can HR play a role in cybersecurity?
Ultimately, cybersecurity is about managing risk. To do that effectively, HR staff must work closely
with technology leaders to identify key areas where their team’s actions will have an outsized impact
on protecting their organisation, employees and the data their company has been entrusted with.
The mindset of an organisation’s HR team can set the culture for the entire organisation. Disengaged
employees are an attractive target for cybercriminals to exploit. Therefore, the onus is on HR leaders
to take their organisation’s security seriously and work with the necessary business and technology
teams to set the right attitudes, culture and processes to keep it secure.
Organisations must be proactive in their response to today’s cyber threats. With the ever-evolving
security landscape and the never-ending search for skills and best practices to overcome these
threats, collaboration between senior leaders is key.
Most importantly, by fostering a workplace that prioritises cybersecurity awareness and training,
and has the tools to effectively find suspicious activity, organisations will be on the right path to
strong cybersecurity hygiene.