Abstract
Data compromise is one of the foremost threats facing organisations today. The number, and sophistication, of breaches is growing as technologies such as cloud services, disruptive technologies, and mobile working, render firms increasingly vulnerable to sabotage, extortion and espionage. This paper explores the crucial role of Human Resource Management in helping to protect and secure organisations from both external and insider threats. Specifically the study focuses upon the integration and utilisation of HRM departments within broader organisational strategy to meet cyber security breaches. It is argued that HRM is not utilised as extensively as it could, and should, be on either a day-to-day or strategic level to meet the challenges of cybercrime. HRM and business leaders, must do more to ensure that HRM professionals are utilised in a more dedicated and focused manner to contribute to enhancing their organisation’s security.
The study is grounded in a quantitative survey of a number of HRM professionals employed in 20 small and medium-sized firms based in southern England. The survey elicits a range of information concerning the participants’ awareness of information security threats, measures taken by their firms to raise awareness of these issues and enact strategies to mitigate the risks, the role of HRM departments in supporting and developing cyber security good practice, and how cyber security features in the participants’ own jobs, and professional development and training.
Despite the small sample size, our analysis shows that cyber security is recognised as a significant threat in business today. However, only approximately half of firms, even many of the larger ones, have not included cyber security in their induction programmes, policies, and training; or, if they have, do not regularly update it. Whilst cyber security issues are encountered by HRM professionals in the course of their jobs, they rarely receive training in this area and are never provided with dedicated training to meet cyber security threats from an HRM perspective. It is argued that, given the nature of many cyber incidents, in particular the insider threat, HRM has much to offer to enhance current strategy and practice and that businesses would be better protected if they developed and enlisted the skills of their HRM teams strategically.
The study is grounded in a quantitative survey of a number of HRM professionals employed in 20 small and medium-sized firms based in southern England. The survey elicits a range of information concerning the participants’ awareness of information security threats, measures taken by their firms to raise awareness of these issues and enact strategies to mitigate the risks, the role of HRM departments in supporting and developing cyber security good practice, and how cyber security features in the participants’ own jobs, and professional development and training.
Despite the small sample size, our analysis shows that cyber security is recognised as a significant threat in business today. However, only approximately half of firms, even many of the larger ones, have not included cyber security in their induction programmes, policies, and training; or, if they have, do not regularly update it. Whilst cyber security issues are encountered by HRM professionals in the course of their jobs, they rarely receive training in this area and are never provided with dedicated training to meet cyber security threats from an HRM perspective. It is argued that, given the nature of many cyber incidents, in particular the insider threat, HRM has much to offer to enhance current strategy and practice and that businesses would be better protected if they developed and enlisted the skills of their HRM teams strategically.
Original language | English |
---|---|
Pages | R16 |
Publication status | Published (in print/issue) - 2 May 2018 |