It’s a hot topic at the moment – cyber risk is now a subject touched upon on many occasions and is of increasing importance to businesses.
A recent report (IBM X-Force Research: 2016 Cyber Security Intelligence Index) found that 60% of cyber attacks were the result of insider activity. According to the TTA’s insurance partner, Jelf, “insider” generally means “employee”.
The action that leads to a cyber attack might well be that of unintentional negligence (for example the simple opening of a web-link in an email), but it should also be recognised that in some cases the cause will be linked with direct malicious intent by the insider or employee concerned.
The business and reputational damage that can be caused by such an attack is of course considerable, and the recent global ransomware attack that caused chaos across almost 100 countries worldwide and majorly disrupted the UK’s National Health Service really highlights the potential impact of such an eventuality.
So it would appear self-evident that the “people factor” in cyber attacks should be a significant concern for all businesses, and by extension their HR functions. However, Jelf say that when they highlighted this risk at one of the company’s London events last year, some people said that this subject was not relevant to the audience, and indeed had no place in an event targeted at those in Human Resources.
A similar theme was evident in the 2017 Jelf Employee Benefits Survey. For instance:
When did you last review the “people factor” cyber risk in your organisation?
In the last 12 months: 22.16%
Between 1 and 3 years ago: 5.41%
More than 3 years ago: 2.16%
Never: 23.24%
Don’t know: 47.03%
According to Jelf: “It would therefore appear that few HR units are regularly looking at this situation, and this is surely a dynamic that needs to change if the “people factor” risk to organisations is to reduce.
“So this is an area where we would strongly urge HR departments to actively ‘own’ the people factor inherent in cyber risk with the introduction of strong systems and protocols from the date of employment onwards.”
And from an Employee Benefits perspective caution is urged. Employers should seek to ensure that their choice of Employee Benefits platform is both robust and secure, and to undertake a regular review of all password protocols. In addition there should be a detailed audit of any automated employee data flow between Payroll, HR, and Employee Benefit providers to identify and resolve potential weaknesses.
The bottom line is that Human Resources professionals have a key role to play in managing and mitigating this risk, and it is no longer sufficient to expect this problem to be owned by the employer’s IT team alone.