A recent survey has chillingly revealed that only 22% of businesses have reviewed their cyber risk in the last 12 months. Steve Herbert, Head of Benefits Strategy at Jelf Employee Benefits, is urging HR departments to get involved by ensuring that the “people factor” in cyber risk is managed more effectively.
The recent global ransomware attack that caused chaos across almost 100 countries worldwide and majorly disrupted the UK’s National Health Service highlights the potential fiscal and reputational damage of cyber-crime to UK business. And with a recent report* highlighting that 60% of all such attacks were the result of insider activity, through unintentional negligence or malicious intent, it is clear that this concern should be a key factor in the thinking of Human Resources (HR) departments across the country.
The costs for employers who get data security wrong can be crippling. Both Sony Pictures and supermarket giants Morrisons were the subject of leaked employee data: Sony’s settlement cost them a cool £8M, and Morrisons faced a lawsuit from over 6000 staff, as well as spending substantial sums on additional security measures to protect employees. However, neither of these cases is recent; both received widespread publicity, and it seems that other employers have been slow to respond.
Unfortunately, the 2017 Jelf Employee Benefits Survey also demonstrates that HR departments are yet to fully engage with this important dynamic of the modern business world. Almost half of the respondents (47%) did not know when this issue was last considered, and only 22% have reviewed their organisation’s “people factor” cyber risk in the last year.
Steve Herbert, Head of Benefits Strategy at Jelf Employee Benefits, said:
“These findings are both rather surprising and worrying. It is widely accepted that one of the biggest risks in cyber security is centred on employees, be that because of inadvertent mistakes or direct criminal activity. It therefore follows that Human Resources professionals have a key role to play in managing and mitigating this risk. It is no longer sufficient to expect this problem to be owned by the IT team alone.”
The survey also found that only 17% of the employers represented believed that the “people factor” risk was being sufficiently dealt with by their organisation, with just over one in five (21%) of employers actively working on improving this key security concern.
“We would strongly urge HR departments to actively ‘own’ the people factor inherent in cyber risk with strong systems and protocols from the date of employment onwards.
“We would also encourage HR teams to ensure that their choice of Employee Benefits platform is both robust and secure, and to undertake a regular review of all password protocols. In addition we would suggest a detailed audit of any automated employee data flow between Payroll, HR, and Employee Benefit providers to identify and resolve potential weaknesses before they become a problem.”