HR leaders and decision-makers of today have to remain abreast of skills gaps within their organizations. With emerging and evolving technologies like artificial intelligence growing increasingly commonplace, adapting to new demands is key, but HR leaders must ensure that worker skills do not become obsolete as the skill set demands of their roles change. One of the most pervasive gaps affecting organizations trying to navigate the evolving digital terrain is the alarming lack of cyber security awareness among workers.
Given the increasing sophistication, frequency, and severity of cyber attacks, organizations must prioritize proper cyber hygiene throughout the company. In turn, they must foster a team that understands its attack surface and its risk of exposure, and that knows how to exercise correct protective measures. HR leaders must dedicate time, resources, and incentives towards aligning companies and individuals for the long haul, which is easier said than done.
However, promoting cyber hygiene and awareness throughout an organization can prove pivotal in bridging that all-important skills gap. Doing so will also empower employees to confidently and assuredly identify possible cyber attack vectors and become more familiar with protecting their data as well as that belonging to the organization. This short guide uncovers how HR leaders can work towards fostering that organizational culture of aligned cyber resilience.
The Volatile Threat Landscape for Organizations
Cyber threats constantly evolve, with innovative new attack vectors and techniques emerging daily. Statista estimates that cybercrime costs will skyrocket from $9.22 trillion globally in 2024 to $13.82 trillion in four years, with the average cost of an attack causing serious financial harm to organizations.
Taking ransomware as an example of one of the many attack methods deployed by cybercriminals, not only is there the risk of funds being extorted, but the regulatory or statutory fines imposed on companies that fail to uphold proper cyber defenses can also be financially damaging. Additionally, there is the loss of stakeholder or consumer trust to contend with, which can have a knock-on effect on a business’s turnover.
This is just one example, however, with vulnerabilities in hardware, software, integrations, and protocols also being exploited regularly. Cybercriminals can also execute known attack methods like distributed denial-of-service (DDoS), man-in-the-middle (MITM), malware, and phishing attacks with relative ease, with the first line of defense, ostensibly, always being a human. Lapses in concentration or failure to cast watchful eyes over certain behaviors can result in exploited vulnerabilities, which is why more organizations are deploying fully managed detection and response (MDR) solutions to safeguard their infrastructure and assets.
According to the most recent Cybersecurity Workforce Study from ISC2, there is a global shortage of 4 million skilled cyber professionals, despite workforce growth in 2023, which illustrates the need for more cyber-aware employees. The skills gap in this space is widening, with an alarming shortage of capable individuals needed to combat these types of threats with confidence. The research found that the gap between in-demand workers and those who are available has risen by 12.6%, indicating a shortage of approximately 1 million people.
The Importance of Cyber Hygiene
Of course, the problem is twofold; not only are organizations under increased pressure to attract and retain staff with the right cyber skills, but they must also lead by example when it comes to cyber defense among their incumbent workforce. The proper practices and processes that individuals and organizations adopt and follow to maintain proper security across their estates contribute to better cyber hygiene.
This involves, but is not limited to:
- Keeping software and systems up-to-date with relevant security patches and testing their effectiveness.
- Using stronger and unique passwords for each account.
- Backing this up with multi-factor authentication (MFA).
- Deploying regular offsite and onsite backups.
- Exercising greater caution when opening email attachments or downloading files from seemingly innocuous sources (as these may be malicious).
However, these steps are just the bare minimum. It’s believed that promoting and enforcing good cyber hygiene across the board can significantly reduce an organization’s risk of falling victim to a data breach or malicious cyber attack. Simultaneously, upskilling and bringing employees up to speed with recommended cyber security processes and strategies will also help bolster their first line of defense.
Verizon’s recent Data Breach Investigations Report (DBIR) shows that 82% of breaches were down to some form of human error, which only emphasizes the need for stronger cyber knowledge and awareness for workforces. If more people within an organization were empowered and equipped to handle technical tasks with confidence, it could drastically close that digital skills gap while keeping assets and data much more secure.
As HR leaders continually work to align their organizational culture, closing the digital skills gap in their companies can have a bilateral effect. Fostering a culture of cyber hygiene within their organizations helps individuals and the company itself work towards more aligned short- and long-term goals, and the HR function is crucial to that.
Closing the Skills Gap: The Role of HR Leaders
1. Security Awareness and Training
The first step is to develop comprehensive awareness and training programs for all employees regardless of their role, tenure, or seniority. Ensuring that training is relevant and tailored to the specific needs and risks faced by the organization will help to establish a baseline level of cyber awareness. Regular refresher sessions to reinforce cyber best practices and keep teams more aware of emerging threats will also help.
2. IT and HR-Led Security Policies
The HR function must act as the proverbial ‘middle man’ between IT and security teams and the rest of the organization, to ensure that cyber procedures are aligned with the organization’s overarching strategy and culture. HR, IT and security must collectively develop and deliver policies that outline the correct behaviors and practices for all teams. Policies should be regularly reviewed and updated to reflect the evolving threat landscape and industry recommendations. Policies should also be developed in line with cyber security and regulatory compliance frameworks like GDPR.
3. Talent Acquisition and Development
As the organization hires and onboards new employees, cyber skills and knowledge should be assessed more rigorously, particularly for roles that involve sensitive data handling. Opportunities should be extended to existing staff to develop and enhance their skill sets further, particularly if moving to other departments. HR and recruitment – often an aligned internal function – should always endeavor to attract top cyber security talent, but if the recruitment side is outsourced, HR decision-makers should strive to partner with niche recruiters.
Alongside this, encouraging open communication and the reporting of incidents or concerns will also reinforce proper cyber hygiene.
HR leaders play a crucial role in closing the digital skills gap and fostering a culture of cyber hygiene within their organizations. However, it’s also vital to remember that cyber security is a shared responsibility that requires action and awareness from all parties, from top-level executives to frontline employees.
The salient point is that organizations that take proactive steps to make cyber security a priority, and back those values up with decisive action, will be best placed to protect themselves and their data against cyber threats, thereby positioning themselves for long-term stability.
Chester Avey is a freelance writer with more than 20 years of experience in IT and extensive knowledge of the evolving tech industry. He enjoys writing authoritative articles and up-to-date opinion pieces covering a broad scope of sectors, including: digital marketing trends, artificial intelligence, cyber-security, software solutions and e-commerce.