Mind the breach | Why data security isn't just IT's problem - it's HR's too

According to the not-for-profit group Identity Theft Resource Centre, the number of data breaches that occurred in 2021 were not only 68% higher than in 2020, but were an alarming 23% higher than the previous all-time high. With high-profile companies such as Microsoft, Apple and Crypto.com falling prey to attacks, and even charities not left out (Red Cross saw itself victimised this year and 41% of 500 charities polled by insurance group Ecclesiastical had said they’d suffered an attack in the past year) – the best time to get your cybersecurity in order is last week’s yesteryear.

But wait a second: how is this an HR problem?

The answer is twofold: firstly, there’s the people thing in the people function: if your cybersecurity is compromised and details of salaries, mental health treatments, family members, payment info or full identities are compromised, it’ll be HR working around the clock to pick up the pieces. Secondly, under the Data Protection Act of 2018 and the GDPR, HR holds both personal and sensitive information that must be stored, accessed, secured and processed in compliant ways.

Unfortunately, it’s not just something that even SMEs can “leave to IT”. Having thorough, frank discussions with your security and data protection personnel is vital to making sure that the information you keep – both the financially vulnerable stuff and the sensitive information of staff – is kept safe.

“By far, the most important thing for HR leaders to understand is that data protection is everyone’s responsibility,” explained Steve Ryan, Senior Consultant for security company BARR Advisory.

With the UK Government reporting that 39% of UK businesses suffered an attack this year alone, and only 19% having a response plan in place should an attack occur, it’s clear that this is a huge gap in both resource and risk planning for British organisations.