Human resources professionals, particularly heads of HR, need to be more active in ensuring cyber resilience is a foundational priority for businesses.
According to business and technology insights company Gartner, as more HR functions implement AI and automated technologies, security incidents are becoming more common and harmful, and as such, chief human resources officers (CHROs) must take steps to strengthen digital security.
Earlier this month, Gartner identified four actions CHROs can take to help strengthen data protection and build trust in automated HR systems within their businesses and organisations.
“With organisations opting for more automation within their HR systems to contain HR costs, cyber resilience and protection of sensitive personal data across the entire talent life cycle must become foundational priorities,” said Gartner’s senior principal analyst in HR, Emi Chiba.
“For example, a candidate data breach that compromises personally identifiable information (PII) creates legal risk, negatively impacts employer brand and diminishes employee trust in an AI-supported hiring process.”
Gartner’s four actions are:
Make cyber and data security a strategic imperative
CHROs must not only view tech as an enabler but also embed it into their strategy and execution, Gartner said, by strengthening their digital and cyber fluency, engaging proactively with IT leaders, and embedding security considerations into every phase of HR technology planning to safeguard talent and organisational reputation.
“CHROs often take more of a passive role in making technology investment decisions; however, when data breaches occur, there are massive implications on talent, including the risk to the employment brand and IP theft,” said Chiba.
“Many CHROs do not have strong digital awareness and are struggling to lead and influence AI and digital transformation.”
Partner with identity and access management teams to identify and audit threats
Gartner research shows that more than two in five (43 per cent) companies conduct regular audits and reviews on public generative AI (GenAI) tools to ensure compliance with cyber security policies.
To increase cyber resilience, Gartner said, CHROs must work with IT, cyber security, and vendor management leaders to build security into their organisation’s systems and monitor them regularly.
“CHROs should collaborate with IT leaders to adopt security architecture practices. This includes working together to define the business needs and reviewing existing and planned product security capabilities,” the company said.
Establish comprehensive third-party risk management for HR tech
CHROs must also play an active role in establishing and operationalising ongoing third-party risk management, Gartner said, by partnering closely not only with IT leaders but also with procurement and legal teams to assess vendor security postures, review audit reports, and ensure that data-handling practices meet enterprise standards.
“Security incidents, such as a candidate data breach, underscore the importance of a strong partnership between IT and HR when outsourcing HR tasks to a third-party vendor,” said Chiba.
Strengthen culture to promote security
Finally, CHROs need to foster a culture “where raising security flags and taking the time to slow down and assess risks is encouraged and not seen as a bottleneck”, Gartner said.
A key factor in fostering this culture, the company suggested, is creating psychological safety among employees; employees who feel psychologically safe are more capable of communicating candidly about anticipated issues and solving problems creatively.
“A data breach may signal deeper issues within the organisation, beyond just weak technical controls. While security reviews can often feel like a barrier to speed, they need to be viewed as an essential checkpoint,” Gartner said.
Jerome Doraisamy is the managing editor of Momentum Media’s professional services suite, encompassing Lawyers Weekly, HR Leader, Accountants Daily, and Accounting Times. He has worked as a journalist and podcast host at Momentum Media since February 2018. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of the Minds Count Foundation.