HR departments must own the “people factor” in Cyber Risk
Survey reveals that only 22 percent have reviewed their cyber risk in the last 12 months. The recent global ransomware attack that caused chaos across almost 100 countries worldwide and majorly disrupted the UK’s National Health Service, highlights the potential fiscal and reputational damage of cyber-crime to UK business. Comment Steve Herbert, Head of Benefits Strategy at Jelf Employee Benefits.
With a recent report* highlighting that 60 percent of all such attacks were as a result of insider activity, through unintentional negligence or malicious intent, it is clear that this concern should be a key factor in the thinking of Human Resources (HR) departments across the country. Yet the 2017 Jelf Employee Benefits Survey demonstrates that HR departments are yet to fully engage with this important dynamic of the modern business world. Almost half of the respondents (47 percent) did not know when this issue was last considered, with only 22 percent having reviewed their organisation’s “people factor” cyber risk in the last year.
Steve Herbert, Head of Benefits Strategy at Jelf Employee Benefits said; “These findings are both rather surprising and worrying. It is widely accepted that one of the biggest risks in cyber security is centred on employees, be that because of inadvertent mistakes or direct criminal activity. It therefore follows that Human Resources professionals have a key role to play in managing and mitigating this risk. It is no longer sufficient to expect this problem to be owned by the IT team alone.”
The survey also found that only 17 percent of the employers represented believed that the “people factor” risk was being sufficiently dealt with by their organisation, with just over one in five (21 percent) of employers actively working on improving this key security concern. Herbert concluded; “We would strongly urge HR departments to actively ‘own’ the people factor inherent in cyber risk with strong systems and protocols from the date of employment onwards.
“We would also encourage HR teams to ensure that their choice of Employee Benefits platform is both robust and secure, and to undertake a regular review of all password protocols. In addition we would suggest a detailed audit of any automated employee data flow between Payroll, HR, and Employee Benefit providers to identify and resolve potential weaknesses before they become a problem.” Data taken from the 2017 Jelf Employee Benefits Survey.