How HR & IT can work together to combat the cybersecurity crisis?

Partners VP of L&D Adam Hickman PhD & Chief Risk Officer Brian Kairnes argue HR teams have a crucial role to play in tackling cybersecurity risks...
HR Grapevine | Executive Grapevine International Ltd

As cyber threats grow in sophistication, HR teams must work closely with cybersecurity professionals to address the weakest link in security: human behavior.

A study from IBM’s 2023 Cost of a Data Breach report found that human error and social engineering tactics account for nearly 74% of cyber incidents.

Whether it’s falling for phishing scams, using weak passwords, or mishandling sensitive data, employees—regardless of their role—are often an organization’s most significant vulnerability.

While IT teams focus on the technical aspects of security, HR plays a critical role in shaping the policies, training, and culture that help prevent breaches. The intersection of cybersecurity and HR is essential for building a resilient, security-conscious workforce.

How HR can contribute to the cybersecurity challenge

HR teams are responsible for a wide range of disciplines under people operations, including recruitment, onboarding, performance management, and employee experience. Each of these areas presents cybersecurity risks and opportunities:

1. Recruitment & onboarding: securing the front door

The hiring process is an overlooked cybersecurity risk. If HR does not properly vet candidates, an organization risks insider threats—malicious actors joining a company to steal sensitive data or disrupt operations.

What HR can do:

  1. Background checks & digital footprints. HR can partner with cybersecurity teams to screen candidates for prior security-related infractions. This includes monitoring digital footprints and ensuring compliance with regulatory guidelines.
  2. Cybersecurity in onboarding. Employees should receive cybersecurity training as part of their onboarding, covering password hygiene, phishing awareness, and company-specific security policies.

2. Employee training & behavior modification

The effectiveness of cybersecurity depends on employee behavior. HR and cybersecurity teams must drive ongoing education efforts that keep cybersecurity top-of-mind.

What HR can do:

  1. Phishing simulations & cybersecurity drills: Many organizations conduct mock phishing exercises to test employees’ ability to spot malicious emails. Companies with frequent training see a 60-70% decrease in phishing success rates, according to KnowBe4’s 2023 security awareness report.
  2. Gamification & incentives: Instead of punitive measures for security slip-ups, HR can reward employees who report phishing attempts, comply with best practices, and actively participate in training sessions.
  3. Leadership buy-in: When executives actively promote cybersecurity awareness, employees take it more seriously. HR can integrate security KPIs into leadership performance metrics to ensure commitment from the top down.

3. Managing insider threats & employee access controls

Insider threats—both malicious and accidental—are a growing concern. A 2024 Verizon Data Breach Report found that 34% of cyberattacks involve internal actors, including disgruntled employees, negligent staff, or those unknowingly manipulated by cybercriminals.

What HR can do:

  1. Role-based access control (RBAC): HR and IT must work together to limit access to sensitive systems based on job function. The “principle of least privilege” ensures employees can only access data relevant to their role.
  2. Offboarding & security risk management: Employees who leave a company but still have access to critical systems create a significant vulnerability. HR and IT should automate account deactivation upon an employee’s departure.
  3. Behavioral red flags: HR can collaborate with security teams to monitor unusual employee behavior, such as sudden large data downloads, unauthorized access attempts, or communication with external competitors.

Why HR & cybersecurity alignment matters

A healthy collaboration between HR and cybersecurity means embedding cybersecurity into the company culture, making security a fundamental part of every employee’s role. Without HR’s involvement, cybersecurity remains an isolated IT function rather than an organizational priority, accepted and adopted by all areas of the business.

Companies that fail to integrate HR into cybersecurity strategies not only face higher risk exposure but also suffer from greater financial, operational, and reputational repercussions. The consequences of weak HR-cybersecurity alignment extend far beyond data breaches, with possible negative impacts on employee trust, regulatory compliance, and overall business continuity.

The future of HR & cybersecurity collaboration

As hybrid and remote work models become permanent, the need for HR-driven cybersecurity strategies will only increase. From reducing human error to strengthening insider threat detection, HR must evolve as a strategic partner in cybersecurity.

Organizations that align HR and cybersecurity efforts will not only reduce risk but also foster a more resilient workforce—one where every employee is an active participant in the company’s digital defense.

This is not just an IT problem. This is a people problem. HR and cybersecurity working together is the key to solving it.

Adam Hickman, PhD, is the VP of L&D and Organizational Development at Partners Federal Credit Union, a Walt Disney company affiliate.

Brian Kairnes serves as the Senior Vice President and Chief Risk Officer at Partners Federal Credit Union. In his role, Brian provides leadership and direction in managing key risk areas across the enterprise, ensuring the safety and soundness of the Credit Union while supporting the delivery of products and services to its members. His responsibilities include overseeing credit administration, loan operations, risk management, security & resiliency, and audit functions. 
