Cybersecurity Awareness Month: HR Leaders can Help Create & Support a Cyber-Aware Culture

HR leaders must be actively engaged in the business of their organizations to help deliver on immediate and long-term goals and add shareholder value, to paraphrase Padma Thiruvengadam’s essay in The Rise of HR. This includes understanding key business processes, including how the company conducts business and whether changes should be made to these processes. One critical business process that every HR professional must be aware of and help bolster is cybersecurity: a cyber-aware culture in which every employee plays a role in protecting the organization’s data, devices, and IT networks from unauthorized access and malicious use.


Cybersecurity impacts every person in the workplace in every element of operations, which is one of the reasons that the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are urging all employees to see themselves in cyber during this Cybersecurity Awareness Month. Knowing how to converse with your organization’s IT teams to support their efforts to protect your company is essential for HR professionals because a cyber breach can result in millions in fines, millions in ransom paid to cyber criminals, a large time cost to repair a breach, and damage to a company’s reputation in the marketplace. The IBM 2022 Cost of a Data Breach study shows that even one cyber incident can cost anywhere from $4 million to more than $10 million, depending on the type and size of the organization!


Making cybersecurity a company-wide priority has become even more important because companies’ network footprints have expanded dramatically with the normalization of hybrid and remote work. Just three years ago, an organization’s footprint might have been centered in one building, campus, or a set of locations. Today, a company’s footprint includes those same locations plus home offices that may be across the country or even the globe. That “sprawl” not only has expanded but also has distorted the perimeter of the network footprint, making it increasingly difficult to protect.


More than ever, HR must be involved in an organization’s cybersecurity conversations, if for no other reason than to protect employees’ personally identifiable information. In addition to understanding the basics of why it is important and how the company is protecting its data from attack, HR professionals should understand that attacks aren’t always from external actors. The biggest threats organizations face today include the multiplied attack vectors from the sprawl mentioned above and the fact that sometimes employees are just careless or don’t “see themselves in cyber”.

Organizations can protect against employee errors by fostering a culture in which everyone understands their role in cyber, and IT experts want their HR colleagues on board to help implement that culture. To help HR professionals become versed in the language of cybersecurity, HRCI offers a Certificate in Cybersecurity alongside 23 courses and certificates in everything from Compliance and Operational Security Scenarios to Cybersecurity for Human Resource Professionals.

Through HRCI courses, HR professionals can learn more about:

  • IT cloud data and cloud operations security,
  • IT cryptography scenarios,
  • identification and authentication techniques,
  • network security scenarios,
  • compliance and operational security scenarios,
  • malware,
  • security awareness training,
  • risk management,
  • disaster recovery, and
  • common attacks.

Every worker in an organization should “see themselves in cyber” during Cybersecurity Awareness Month and year-round because all of us are responsible for upholding the security of data and information related to our jobs. HR leaders and teams can educate themselves in cyber to ensure they are included in the conversations around a security policy that sets the tone and objectives for IT security-related concerns for their organization and to be able to get senior management and the executive team on board to support the policy.

Regardless of how complex cybersecurity may seem, as CISA says, it is ultimately all about people. If you are in people management, take a moment to determine what you know about cyber and what you need to learn to be actively engaged in the business of your organization’s cybersecurity initiatives to support its immediate and long-term goals and deliver on shareholder value.