When organizations first think about cybersecurity, they typically focus on securing their technology—firewalls, encryption, and threat detection. However, it’s an open secret that one of the most significant risks in cybersecurity is not in the technology itself, but in human error. That’s why a robust cybersecurity plan has to account for ‘the human factor.’
95% of cybersecurity breaches are caused by human error. (World Economic Forum)
The Human Factor in Cybersecurity Risk
According to Proofpoint’s 2024 Voice of the CISO report, 74% of chief information security officers (CISOs) cited human error as their top cybersecurity risk, a sharp rise from 60% in 2023. This might be because cybersecurity itself is getting stronger, or because workers have become laxer about following security protocols.
Regardless of which it is, it seems that employees—whether through negligence, ignorance, or malicious intent—are now the weakest link in the cybersecurity chain by a substantial margin. The following are the four (4) most common ways a human mistake can cause a breach:
- Negligent Insider/Employee Carelessness (42%)–Employees mishandling data or failing to follow security protocols (Proofpoint 2024 Report).
- Malicious or Criminal Insider (36%)–Internal threats from disgruntled employees, or those recruited by cybercriminals (Proofpoint 2024 Report).
- Stolen Employee Credentials (33%)–Poor password management or phishing attacks, giving criminals access to accounts (IBM 2024 Threat Index).
- Lost or Stolen Devices (28%)–Laptops and mobile devices containing sensitive data are lost or stolen (IBM 2024 Threat Index).
Of these, the IBM 2024 Threat Index indicates that phishing is still the leading successful attack vector for cybercriminals, responsible for 30% of all breaches. While phishing attacks have decreased since 2022 due to improved defensive strategies, they have not subsided entirely.
Addressing Human Error in Cybersecurity
We’ve mentioned that humans are currently cybersecurity’s weakest link, and that’s true, but they’re also its greatest resource. Getting people on board with protecting company data comes from empowering them with smarter tools, continuous learning, and a culture where good security protocols and digital hygiene feel valued. Here’s a quick rundown of how some forward-thinking organizations are rewriting the playbook to deal with human error in cybersecurity:
1. AI: A New Era of Digital Defense
AI is rapidly becoming indispensable in cybersecurity. Its abilities are constantly improving, and AI can quickly detect mistakes and help prevent them in advance. Modern AI can do each of the following:
- Intercept slip-ups before they escalate: like flagging a mistyped email domain.
- Auto-correct risky behaviors: for example, encrypting files employees forget to protect.
- Deliver real-time nudges: for example, a pop-up that asks, “This link looks phishy—want to double-check?”
The result? Teams work smarter, not harder. Proofpoint has found that 87% of CISOs are already relying on AI to improve their organization’s defenses.
2. Security Training That Works
Don’t provide boring, marathon compliance lectures that employees dread. Effective cybersecurity education is whatever people actually listen to and engage with. Try the following:
- “Lessons from last Tuesday” workshops–Use real near-misses (“Remember when Sarah almost clicked that email?”) to make security concerns real.
- Bite-sized monthly modules–Think TikTok-style microlearning: five-minute bursts on password hygiene beat five hours of dull content. This allows for spaced repetition as well, a proven memory technique.
- First-day firewall building–New hires should learn and practice security procedures thoroughly before they touch sensitive data, not after (something 68% of organizations now prioritize, per Gartner).
3. Creating a Camaraderie Culture
When security feels like everyone’s job, not just overworked IT members running around putting out fires, everyone benefits. You can cultivate this shift in perspective by providing:
- Leadership that walks the walk: When executives share their own “I almost fell for that phishing test” stories, everyone feels like they’re in the security boat together, not being talked down to.
- Security snacks, not feasts: Drop quick tips in Slack channels, on lunchroom walls, or at the end of emails. Little reminders beat annual training marathons every time.
- Empowerment over fear: Replace shame (“You failed the phishing test!”) with support and incentives for caring about company security. For example, you could reward the first employees who report a phishing scam instead of punishing those who fall for it.
The Role of HR in Cybersecurity
HR plays an essential yet too often underestimated role in cybersecurity, especially when it comes to human error. A good HR department can batten down the hatches through better hiring practices, thoughtful security training, and careful policy enforcement. More specifically, we recommend that HR:
- Strengthen Onboarding/Offboarding Security: A good start is to require cybersecurity training for new hires and to revoke access to company systems immediately whenever an employee leaves.
- Promote Cyber Hygiene: HR should provide support for developing strong password policies, multi-factor authentication, and device security, without becoming too intrusive (Proofpoint).
- Detect Insider Threats: Work with behavioral analytics and periodic assessments of workers to proactively identify and address potential insider risks. There are only a few cases of this in Poland, but we’re learning from them how to better use HR in mitigating these internal vulnerabilities.
Mitigating Human Risk in Cybersecurity Strategies
As we’ve seen, the human factor is an important concern for any robust cybersecurity system. As cybersecurity technology has improved over the last few years and closed many technological vulnerabilities, human error has been left as one of the last remaining common security holes.
However, we’ve argued that people can also be a company’s greatest strength when it comes to best practices. By equipping each employee with the knowledge and tools to guard against digital threats, a company can safeguard its data better than ever before.
Does your recruitment partner monitor the market that affects your business? Do you want to talk to the specialists at Verita HR to find out more?
Verita HR offers services including RPO | Permanent Recruitment | Outsourcing | Media Services






