How CHROs can get on top of cyber risks
Cyber is no longer the sole domain of IT – creating a culture of security across the organisation is more important than ever.
The challenges for you as a Chief Human Resources (CHRO) include a widening cyber skills gap in the market. Access to talent and training could make the difference. Managing the human factor through employee awareness and training is a critical first line of defence. Strong identity and access management is also key to an organisation’s cyber defences and HR often has a big role to play in managing joiners, movers and leavers.
The resulting questions for you as a CHRO include:
1How do we create a culture of cyber security across the organisation?
HR plays a pivotal role in making cyber security a priority. This includes building cyber awareness into onboarding and training, assigning the correct roles and associated access rights and adjusting or closing these as people move teams or leave the organisation. Crucially, HR can also help instil a security culture by building it into communications, objectives and performance management.
In some cases, establishing cyber security champions in business functions can help to embed the security goals of the organisation into each team, giving people a designated point of contact who can promote good practice. Establishing recognition and rewards (even if these are non-financial) can also be an effective way to promote the right behaviours.
2How can HR best support the cyber goals of the organisation?
Ensure that you as a CHRO have a seat at the table when cyber security strategy is being set and progress assessed. You should influence how the strategy will be communicated and embedded across the organisation, and oversee the establishment of core cyber security training including phishing simulation exercises. This should include a clear position on how to deal with people who continually fail tests or comply with policies. Responses could include mandatory enrolment in additional training.
Your role within internal communications makes you a key player in communicating evolving cyber threats and expectations surrounding them. You can also instil the right behaviour through targeted training and performance assessment. You will likely also be accountable for key people policies that have associated security and data protection provisions, and managing compliance with these. You should have a clear policy enforcement position when key security provisions in these policies are not complied with.
The CISO will likely need your support with attracting and retaining security talent into the organisation, as well as establishing training programmes and new career pathways to help address the widening security skills gap in the global marketplace.
How Berkeley can help
At Berkeley, we have experience of helping CROs answer these questions through all stages of their cyber journey. We can help you to:
- Define and deliver your cyber communications strategy
- Deliver capability uplifts in areas such as executive training and incident response preparation.
Get on top of your cyber risks
Discover the key cyber-related questions other members of your leadership team should consider
CEO
Strengthen your security and readiness to respond. Read more.
CIO
Allocate the right roles and responsibilities. Read more.
Head of Procurement
Ensuring your supply chain security. Read more.
NED
Know the right questions to ask to cut through the jargon. Read more.
CFO
Ensure external stakeholders are satisfied. Read more.
CISO
Improve your ability to navigate the cyber landscape. Read more.
CRO
Enhance your security and risk management. Read more.
Related services
The author
