Home Did you know ? HR Departments in the Spotlight: Increased Threat of Cyber Data Breaches

HR Departments in the Spotlight: Increased Threat of Cyber Data Breaches

by Mic Johnson

The threat of cyber data breaches has increased in recent years and HR departments are now in the spotlight. As most critical data is typically held within the employee records of an organisation, HR personnel are increasingly becoming a target for hackers looking to steal data that can be used in financial crimes such as identity theft or even extortion attempts.

Cezanne HR conducted a survey and 31% of employees declared they couldn’t trust HR to keep their data confidential. Employees believe that the data held by their HR department is not secure enough. 

This leads to employees storing sensitive information about themselves and colleagues on cloud services such as Google Drive, Dropbox and other file-sharing services, which makes them vulnerable (i.e. using their work emails to register on these services).

Additionally, employees are also likely to download personal documents onto USB drives and take them home, which makes them even more vulnerable.

Furthermore, most HR professionals do not have sufficient training in information security practices. This means that they may make incorrect decisions when it comes to choosing security controls, deployment of these controls or how they should be configured. This can lead to environments being exposed to various threats.

Let’s look at some statistics

The human element is the biggest threat to cybersecurity when it comes to data breaches. In one study, over 85% of all incidents were found with a person’s involvement in some form.

Furthermore, additional information has come to light that insider threats are approximately responsible for 60% of data breaches and that the number of these incidents have escalated by 47% since 2018. 

Different industries where HR departments will be prone to cyber attacks

HR departments are increasingly investing more funds into the training of personnel and improving security controls to mitigate the risk of cyber security threats.  

Still, some industries are prone to cyber attacks. As companies become more aware of the threat, they are starting to take steps to protect their HR departments from cyber attacks.

  1. The educational industry

Student and staff records (of most institutions) are kept in HR systems, with data such as medical information and social security numbers. This makes them a prime target for cybercriminals. 

Not only is the amount of personal data held high, but also often this information is poorly protected with weak passwords

  1. The Financial industry

With employees in this sector often holding access to personally identifiable information (PII) of their customers, it makes the financial sector a prime target for cybercriminals. 

The presence of PII in HR systems can also lead to financial damages when breached, which means that hackers are attracted to these systems for malicious intent.

  1. The Government sector

HR systems within government organisations often contain large amounts of data and are highly confidential (e.g., information related to security clearances and background checks). 

This makes them a prime target for cybercriminals looking to extract sensitive information that can help them in identity theft or other financial crimes.

  1. The Legal industry

With the amount of lawyering that is done online, information related to cases and other legal documents are stored in HR systems. This makes them prime targets for cybercriminals looking to access this data for malicious intent.

  1. Retail and Manufacturing industry

Since companies like Amazon or Apple store huge amounts of customer data, it makes the retail sector a prime target for cybercriminals. With the manufacturing sector being a prime target for industrial espionage, it makes HR departments a prime target for cybercriminals looking to access this data for malicious intent.

The nature of the access that these employees have to this data also makes them prime targets.

How companies are trying to react to such breaches

  1. Increasing training and awareness of HR personnel

This is important since employees are often unaware of the kind of information they should be protecting, leading them to disclose sensitive company data on various online platforms.

  1. Introducing cyber security monitoring tools

Monitoring the online presence of employees is important since it can help identify suspicious behavior and also reduce risk due to social media accounts of employees being compromised by hackers who then use these platforms for various nefarious purposes, such as messages containing malicious links or messages containing sensitive information that could lead to a data breach.

  1. Introducing new IT security policies

This is important since ensuring that all HR personnel have secure devices and access to company systems is critical for preventing any potential cyber-attacks from taking place.

  1. Having a proper disaster recovery plan in place

If sensitive data has been stolen, it can help mitigate financial damages if a good disaster recovery plan is in place since it ensures that the sensitive information remains secure.

  1. Introducing new security tools

One way of preventing breaches from taking place is by introducing new security tools, such as single sign-on solutions, which help prevent cyber attacks from occurring since they ensure that employees only have access to the data they need to do their job.


HR departments are not immune to cyber threats. If you have an HR department that handles sensitive information, it is important for your company’s security team to offer support and create a plan of action should the unthinkable happen.

The first step in this process is ensuring all passwords are updated on a regular basis so they cannot be easily hacked by outsiders. 

Not only will strong passwords help protect your employees from outside threats, but also prevent disgruntled workers from accessing confidential data if their employment with the company ends badly.  

With these steps taken care of, you can rest assured knowing that your HR department has every opportunity possible to succeed.

You may also like