Hadley Baldwin
Cyber is no longer the sole domain of IT – creating a culture of security across the organization is more important than ever.
The challenges for you as a Chief Human Resources (CHRO) include a widening cyber skills gap in the market. Access to talent and training could make the difference. Managing the human factor through employee awareness and training is a critical first line of defence. Strong identity and access management is also key to an organization’s cyber defences and HR often has a big role to play in managing joiners, movers and leavers.
The resulting questions for you as a CHRO include:
HR plays a pivotal role in making cyber security a priority. This includes building cyber awareness into onboarding and training, assigning the correct roles and associated access rights and adjusting or closing these as people move teams or leave the organization. Crucially, HR can also help instil a security culture by building it into communications, objectives and performance management.
In some cases, establishing cyber security champions in business functions can help to embed the security goals of the organization into each team, giving people a designated point of contact who can promote good practice. Establishing recognition and rewards (even if these are non-financial) can also be an effective way to promote the right behaviours.
Ensure that you as a CHRO have a seat at the table when cyber security strategy is being set and progress assessed. You should influence how the strategy will be communicated and embedded across the organization, and oversee the establishment of core cyber security training including phishing simulation exercises. This should include a clear position on how to deal with people who continually fail tests or comply with policies. Responses could include mandatory enrolment in additional training.
Your role within internal communications makes you a key player in communicating evolving cyber threats and expectations surrounding them. You can also instil the right behaviour through targeted training and performance assessment. You will likely also be accountable for key people policies that have associated security and data protection provisions, and managing compliance with these. You should have a clear policy enforcement position when key security provisions in these policies are not complied with.
The CISO will likely need your support with attracting and retaining security talent into the organization, as well as establishing training programs and new career pathways to help address the widening security skills gap in the global marketplace.
At Berkeley, we have experience of helping CROs answer these questions through all stages of their cyber journey. We can help you to:
Discover the key cyber-related questions other members of your leadership team should consider
Strengthen your security and readiness to respond. Read more.
Allocate the right roles and responsibilities. Read more.
Ensuring your supply chain security. Read more.
Know the right questions to ask to cut through the jargon. Read more.
Ensure external stakeholders are satisfied. Read more.
Improve your ability to navigate the cyber landscape. Read more.
Enhance your security and risk management. Read more.
Share: