In today’s digital age, cyber threats are becoming increasingly common and sophisticated. Organizations are vulnerable to a wide range of cyber threats including data breaches, ransomware attacks, and phishing/social engineering scams. These attacks can have serious consequences, including financial losses, reputational damage and legal liabilities. Fortunately, there are steps employers can take to mitigate these risks, making cybersecurity a top priority of the C-suite.
1. What are the particular aspects that risk vs. human resources professionals should be aware of?
Risk managers and human resources professionals play particularly critical roles in addressing these challenges by identifying potential threats, educating the workforce and implementing risk management strategies. To begin with, a comprehensive risk assessment can identify potential cybersecurity threats and vulnerabilities. This assessment should include a review of the organization’s IT infrastructure, data protection policies and employee training programs. Based on the results of this assessment, employers can develop a risk management strategy that includes measures such as implementing access controls, encrypting sensitive data and conducting regular security audits.
Risk managers should also consider purchasing cyber risk insurance to protect the organization from potential losses in the event of a cybersecurity incident.
Comprehensive cyber risk insurance policies can provide coverage for a range of losses, including data breaches, business interruption, ransomware, regulatory fines and penalties and liability claims. Risk managers should work with their insurance broker to identify the appropriate coverage options for their organization based on their specific needs and risk profile.
2. What can you do to stay up-to-date on this rapidly-changing area?
Due to the speed with which new threats emerge, it is critical to stay up to date on the latest cybersecurity threats and trends and work with IT and other departments to implement best practices for protecting sensitive information, authenticating access and monitoring the organization’s network for suspicious activity. Employers can provide cybersecurity training to employees to raise awareness of the latest threats and best practices for protecting sensitive information. This training could include regular phishing simulations to test employees’ awareness and provide feedback on areas for improvement.
In addition to employee training and education, organizations should also focus on building a strong cyber culture that emphasizes the importance of cybersecurity at all levels of the organization. This can involve everything from creating a dedicated cybersecurity team that is responsible for monitoring and responding to potential threats to outlining expectations for employee behavior and responsibilities including topics such as password management, data protection and incident reporting. HR can conduct background checks on new hires to ensure that they do not pose a risk to the organization’s cybersecurity as well as implement access controls to limit the risk of insider threats and ensure that employees only have access to the information they need to perform their job duties.
3. What should I do to protect my organization?
Of course, even with a strong cyber workforce resilience strategy in place, incidents can still occur.
A comprehensive incident response plan that outlines the steps to be taken in the event of a cyber-attack is critical. It should include procedures for identifying and containing the attack, as well as for notifying relevant stakeholders, such as customers and regulatory authorities. Cyber-attacks can’t all be prevented, but employers can mitigate their risk by identifying potential threats, developing a strong cyber culture and implementing risk management strategies including strong employee education. By purchasing cyber risk insurance and implementing effective cybersecurity controls, employers can help protect their organizations from potential losses and reputational damage in the event of a cybersecurity incident.
For more information contact:
Meg Galistinos, Partner, Connecticut Office Leader, Mercer; Meg.Galistinos@mercer.com
Steve Toffolon, Managing Director, Resident Executive Hartford, Marsh; Stephen.A.Toffolon@marsh.com