Close this search box.

HR is highly-vulnerable to cyber-attacks

SMEs in the HR & recruitment sector find themselves among the most vulnerable in the UK according to a new report. Payroll fraud, recruitment scams, corporate espionage – cyber-attackers have found numerous routes into organisations via HR and their recruitment agencies.

A new research report reveals how technology decision makers at UK SMEs are prioritising cyber security to ensure business continuity and growth

The report from OGL Computer also highlights newer technologies such as robotics and AI that SMEs plan to adopt, how SMEs are using technology to power remote workforces and what technologies they are adopting for growth.

Cyber security features heavily in the report with respondents revealing attack frequency, cyber strategy status and employee training to combat hackers.

The vast majority of UK SMEs (81%) confirmed that they had suffered a data breach or cyber-attack, with a considerable two in five (37%) admitting they had suffered multiple breaches.

Industry verticals had a significant bearing here, with the HR & recruitment, healthcare, IT & telecoms and legal industries topping the list of those suffering multiple attacks.

Reasons to attack key industries

HR & Recruitment
Payroll fraud, recruitment scams, corporate espionage – cyber-attackers have found numerous routes into organisations via HR. Any identifiable information is valuable to criminals, and payroll and other HR systems are a treasure trove of names, addresses and bank details. If this is compromised, not only can it affect individual employees, it also gives attackers more ammunition with which to increase the likelihood of a successful attack on other parts of the business.

Additionally, recruitment agencies are prime targets for malware. If hit by a data breach, employment agreements and sensitive documents such as passport scans and visa details are all left exposed.

Public sector healthcare providers are particularly susceptible to supply chain attacks that exploit the chain of trust, targeting the valuable personal data which healthcare providers store and process. Suppliers can be seen as more vulnerable and an easier route for attackers to gain access to a more lucrative target. Hospitals store an incredible amount of valuable, confidential patient data which hackers can sell on easily – making any supplier to the industry a target.

IT & Telecoms
Some IT companies may store large amounts of sensitive customer data, while cloud storage and computing service providers, developers of security software, or file-sharing solution providers, are often the targets of supply chain compromise attempts.

Direct attacks seek to access the organisation’s network operations and data while indirect attacks target subscribers within the telecoms sector. SME suppliers may be a gateway into the network – once inside, cyber criminals can easily access data and intercept calls, as well as control and impersonate subscribers.

The legal sector is particularly vulnerable to cyber-attacks due to the volume of data, sensitive information, financial responsibility and authority held. If a law firm specialises in corporate or property law, they are at increased risk, as the potential for financial gain is greater. Although the main reason law firms are targeted is for financial gain, there is also a growth in bad actors using cyber-attacks to achieve political, economic or ideological goals[1].

The manufacturing sector, which includes automotive, electronics, and pharmaceutical companies, has always been a vulnerable industry when it comes to cyber-crime and security breaches. This is because intellectual property is incredibly valuable, and often manufacturing firms rely on highly specific software packages that are difficult to patch against recent exploits, making them highly vulnerable to attack.

The threats facing organisations working directly and indirectly with the finance sector go far beyond simple theft. Cyber threats facing banks, insurance companies, asset managers and similar organisations range from basic consumer-grade malware all the way up to highly targeted attacks from organised criminals and state-sponsored actors. Financial service providers are a hacker’s favourite, given the nature of the private information held by those organisations.

Cyber security has been front of mind for SME customers for some time now, as awareness of cyber-risks continues to rise. Proactive management of IT requirements is in many ways connected to this trend, as businesses of all sizes look to compliance requirements as well as asset protection and disaster recovery.


    Read more

    Latest News

    Read More

    Navigating Employment Law Changes: The Impact of the Flexible Working Act and Platform Workers Directive in 2024 – ARTICLE FROM ISSUE 236 – JUNE 2024

    14 June 2024


    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    Director of Human Resources – Blackfriars, London About Hyatt Regency London Blackfriars Hyatt Regency London Blackfriars is located directly outside Blackfriars station, a few minutes

    You will lead the local HR team and deliver the agreed services for all BASF’s operating divisions and legal entities.From BASF – Thu, 13 Jun

    This is a permanent and full-time position which will ideally be based within a commutable distance from our Leeds Shared Service Centre.From Indeed – Mon,

    At Dalkia Energy Services (a Dalkia UK Division), we develop, deliver, and operate sustainable energy services and solutions to help the transition into an…From Indeed

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE