CHROs’ Expanding Role in Cybersecurity
With data breaches at record highs, Chief Human Resource Officers (CHROs) are crucial in cybersecurity efforts. They must lead anti-phishing training and respond swiftly to incidents. Experts agree that effective CHRO involvement helps prevent breaches and ensures a rapid response, safeguarding sensitive data and reinforcing company security.
Cybersecurity is no longer solely an IT concern; it has become a critical issue that involves all departments, including HR. With a record 3,205 data compromises affecting over 350 million victims in 2023, according to the Identity Theft Resource Center, the role of CHROs in cybersecurity is increasingly crucial. The rise in data breaches, driven significantly by phishing attacks, underscores the need for HR to take an active role in both preventing and responding to cyber threats.
Phishing remains a prevalent threat, constituting 16% of all data breaches, with an average cost of US$4.76 million per incident. This is higher than the overall average breach cost of US$4.45 million, according to IBM. Given that human error is a major factor in data security incidents, CHROs must implement robust anti-phishing training programs. This includes running simulated phishing campaigns and organizing contests to help employees recognize fraudulent emails and other security threats.
HR Dive highlights that in the event of a cyberattack, CHROs must be prepared to respond swiftly and effectively. Companies should have a comprehensive incident response plan that includes the CHRO’s role in communicating with employees during a crisis. Justin Miller, Associate Professor, University of Tulsa, emphasizes that CHROs need to be equipped to act independently in response to cyber incidents, rather than relying on IT departments, which can delay critical actions.









