Why HR should be 'more involved' in cybersecurity

It's no longer just an IT concern in this age

Why HR should be 'more involved' in cybersecurity

Cybersecurity should be an organisational concern in the digital age, but lax company policies remains a key threat among Singapore firms, experts said.

While cyberattacks are widely recognised as a real threat to businesses and individuals today, a panel of experts recently observed the gap between awareness and action taken by companies here.

Panellist Raju Chellam, Fellow of Singapore Computer Society, urged companies to make cybersecurity “the responsibility of every employee” and take actions to demonstrate consequences of non-compliance with company policies.

“Having a malware on an individual’s device may pose little immediate danger to the individual,” Chellam said, speaking at the MDIS panel event.

“However, most hackers are just looking for that one right chance, when the individual plugs his device to a company network to find a wealth of important data that may give him the financial gain he’s looking for.”

READ MORE: SingHealth cyber-attack inquiry: A hard HR lesson

He added that firms, particularly small and medium enterprises (SMEs), tend to be “lax” when enforcing strict cyber policies. This is not the case in other similarly advanced markets.

“My research in Israel showed a serious attitude among companies there on their view of cybersecurity practices,” he said. “Employees can be dismissed on grounds of poor cyber hygiene that may compromise a company’s system.”

Companies should step up efforts, as 53% of cyber incidents were caused by employees either through administrative errors or through the loss of a company device, according to a 2019 Chubb survey in Singapore.

Anthony Lim, Director – Research & Alliance, at Centre for Strategic Cyberspace + International Studies Singapore, agreed that every individual of the organisation has a role to play.

He reminded companies of basic cyber hygiene that every individual of the organisation must practise as a form of safeguard. This could be something as simple as good password management.

Staying abreast with the latest cyber development is also essential for companies to identify how their cybersecurity solutions must evolve to respond to increasingly sophisticated threats.

The breakneck speed of digital transformation also adds great stress to businesses in adapting their cybersecurity approaches, said Dr Lee Hing-Yan, Executive Vice President, APAC, at Cloud Security Alliance, a not-for-profit organisation.

“The irony of having more digital solutions is the opening up of new or evolving threats,” Dr Lee said.

There's also the issue of prioritisation.

“Organisations, even when they can afford the expenses, tend to see cybersecurity as a cost and not an investment that brings value to the business," he said.

“It is thus important for companies to undertake risk assessment to analyse the potential business losses in the event of not having cybersecurity in place.”

Recent articles & video

42% of HR leaders say it’s difficult to involve managers in driving meaningful change

Singapore unicorn doubles down on DIB amidst talent shortage

Hotel Ava introduces 'radical changes' for employment benefits

Research by Simmons & Simmons reveals happiness in Asian legal sector

Most Read Articles

The Metaverse is coming for HR – here's what to expect

Singaporeans prefer flexibility over four-day work weeks

Hybrid, remote work to boost demand for gig workers