As stats suggest more than 80% of security breaches involve a human element, HR leaders need to take note
As digital threats grow increasingly sophisticated, cybersecurity has risen to the top of agendas in the boardroom and HR leaders are being encouraged to take a central role in how corporations respond to threats.
“Cybersecurity is top of mind for the C-suite and boards, and CHROs are diving into those discussions as strategic partners,” Janna Groisman, Senior Vice President People, at identity and access management platform Okta, told HRD.
According to Groisman, cybersecurity is not just a technical issue – it’s a people issue, with research suggesting 82% of all security breaches involve a human element.
The findings, from the New South Wales Government, highlight that breaches mostly involve the use of stolen credentials, phishing, or simply human error. The average cost of a data breach in Australia is $3.35 million per breach. Approximately 80% of these data breaches involved customer Personal Identifiable Information (PII), the report shows.
“Employer trust and brand are closely tied to how well we protect our data and systems,” Groisman noted. “That’s where HR plays a critical role – shaping a culture that prioritises security from a people-first perspective.”
With the high cost – both professionally and personally – of data breaches in the workplace, Groisman underlined the importance of ensuring a culture of safety is “top of mind.”
This may need a mindset shift. Relying solely on compliance-driven modules like ‘don’t click suspicious links’ training falls short of building a sustainable security culture.
“The modern employee experience is primarily digital. Whether working from home, switching devices, or navigating between personal and professional networks, the risks are real – and most are already aware of what they should and shouldn’t click in an email.”
“Security has to be a constant consideration,” she explained.
Groisman noted that Okta has embedded security into its core values – with “Always secure, Always On” a key guiding principle across its workforce.
“We’ve built a strong partnership with our CISO (chief information security officer) and deputy CISO. Together, we’ve mapped how to instil ownership and awareness across every stage of employment, so people are accountable.” Groisman said.
Strategic planning to tackle security issues
This approach includes identifying high-trust roles at hiring, setting expectations during onboarding and incentivising best practice and security innovations through a reward program dubbed ‘Stacks for Hacks.’
Far from being a compliance afterthought, security is now integrated into performance reviews and employee recognition systems. The result, Groisman noted, is an engaged workforce that understands their personal role in protecting the organization.
“When employees understand the real implications – for the brand, for our reputation – and feel a sense of ownership, that’s when culture change takes hold and means everyone can play their part in doing their best work,” she said.
Increased accountability in managing security concerns
Even physical security policies are now part of this mindset shift. Something as simple as enforcing badge protocols at office entry points – including for the CEO – has underscored the importance of consistency and personal accountability.
“We’ve created a culture where even small breaches of protocol aren’t brushed off. That sends a message that everyone is held to the same standard – and that builds mutual respect.” Groisman added.
Building this accountability across the business – ensuring everyone “lives by it” – builds a greater culture of camaraderie, even at the highest of positions.
“It might seem silly, making the CEO tap in when they enter the building,” Groisman joked, “but by doing this, we’re making the message abundantly clear that security is a top priority. Everybody knows who they are - but being consistent and driving the same expectations means the culture is alive and well.”