
Are you overlooking your HR team’s role in managing cyber risks?

Supporting people and organisations to thrive | 5 minute read

Our People and Talent specialists share how it’s not just your cyber insurance policy that’s important - your HR team and/or employees also have a crucial role to play in keeping your business resilient in the face of growing cyber risks.

Key takeaways

1. Human error accounts for the vast majority of cyber incidents worldwide. As a result, it makes sense that people are a vital part of the solution.
2. A cyber conscious workforce can help mitigate the risk of cyber-attacks. Recent examples have shown how disastrous these can be to businesses of all sizes.
3. Employee cybersecurity training can help you maintain commitment to compliance and develop overall business resilience.


Cybersecurity isn't just a tech issue...

It's a people issue too. People management in the context of cybersecurity, or "cyber-HR", is about using smart HR practices to reduce cyber risk, protect sensitive data, and strengthen your overall cyber resilience.


95% of data breaches worldwide are a result of human error [1]

Source: Infosecurity Magazine


83% of UK employees haven’t received full cybersecurity training [2]

Source: HR Magazine

Human error is still the biggest cyber risk

Most cyberattacks succeed because someone clicks a suspicious link or, as has recently been demonstrated in the news, uses a weak password. Despite complying with industry standards and having cyber insurance in place, one weak password was all it took to allow cyber-criminals to sink 158-year-old company KNP and put its 700 people out of work [3].

By raising awareness and embedding good practices, HR can help reduce this risk significantly.

Compliance

HR ensures staff follow security procedures and supports legal compliance and insurance.

Employee wellbeing

The stress and reputational damage of a cyber breach can seriously affect employee wellbeing. HR can provide reassurance and support.

Saving through prevention

Investing in training and awareness is a cost-effective way to mitigate the risk of encountering a cyber-attack or data breach.

Security-first culture

Embedding cybersecurity in onboarding and training builds long-term resilience.

Balancing security & privacy

HR must balance strong controls with clear, respectful data privacy policies.

Adaptability

HR professionals must stay informed and adapt to keep up with constantly changing cyber threats.

Recruitment and onboarding

Conducting background checks, verifying credentials, and clearly communicating your cybersecurity policies from day one helps set the tone. Early awareness can help reduce the risk of human error – one of the most common causes of cyber incidents.

Maddy Roberts
Head of Recruitment Project Partnering


Incident response

HR has a critical role in the company’s cyber incident response plan. From communicating clearly with staff during a breach to supporting affected individuals and coordinating with other departments, HR can help the business stay focused and resilient during a crisis.

Steve Foulger
Director of Organisational Change and HR Services


Training and awareness

Effective cybersecurity training is one of the best defences against threats like phishing or social engineering. HR should lead regular, practical training sessions across the business, helping employees understand what to look out for and how to stay safe online.

Joanna Bristow
People Development Manager


Data protection

HR teams manage large volumes of sensitive employee data, making them a prime target for cybercriminals. It’s vital to have secure systems, limited access controls, and strong data protection measures in place.

Megan Byrne
Organisational Transformation and People Services Consultant


Performance and accountability

Good cyber hygiene should be reflected in how staff are managed. That might include recognising teams who demonstrate strong security behaviours – and taking action when policies are ignored.

Olly Deasy
People Development Partner


From recruitment and training to performance management and incident response, your HR team can help you mitigate the risk of human error, strengthen defences against cyber threats and help you bounce back quickly when issues arise.

Megan Byrne
Organisational Transformation and People Services Consultant,
People and Talent - NFP Europe

Find out more

To discuss your needs and how we can help your HR team drive real positive cyber change and resilience within your business, reach out to one of our dedicated specialists today.


General disclaimer

This insights article is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this article, NFP does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this article. This article has been compiled using information available to us up to its date of publication.


NFP contributors

Maddy Roberts
Head of Recruitment Project Partnering

Steve Foulger
Director of Organisational Change and HR Services

Joanna Bristow
People Development Manager

Megan Byrne
Organisational Transformation and People Services Consultant

Olly Deasy
People Development Partner



https://www.nfp.co.uk/media/insights/are-you-overlooking-your-hr-team-s-vital-role-in-helping-you-manage-cyber-risks/
2025 Copyright | All Rights Reserved