The Chartered Institute of Personnel Management (CIPM) has emphasised the need for organisations to start factoring cyber-consciousness into their onboarding, policies, culture and training activities.

The institute said if organisations do not, they will be leaving the door wide open for hackers who do not need a second invitation.

President and Chairman of the Governing Council of CIPM, Ahmed Gobir, said this at the 17th Special Human Resource Forum, organised by the institute.

Citing a 2024 IBM Cybersecurity Intelligence Index Report that 95 per cent of cybersecurity breaches are caused by human error, he said that if human mistakes were not a factor, 19 out of 20 cybersecurity breaches would not have occurred.

He called on organisations to ensure the review of their data policies, collaborative training, integrate compliance, and lead cultural change by championing security across the organisation and demonstrating commitment through actions.

He asked: “Are our HR systems compliant with the Nigerian Data Protection Act? Are we educating our employees about phishing, password hygiene and access protocols? And do we treat people’s data with the same reverence as our financial data?”

According to him, when human resources (HR) gets cyber-smart, the whole organisation becomes cyber-strong.

Speaking on ‘The Role of HR in Cybersecurity and Compliance: Protecting Employee and Organisational Data’, Director/founder and Executive Coach, Leadership House, Linda Rogers, highlighted HR’s unique position on security culture, behaviour influence, access management, and data stewardship.

Giving statistics in the cybersecurity landscape, she said about 41 per cent are HR platform attacks, alerting that there is a year-on-year increase in targeting HR systems.

Rogers highlighted some common HR-related risks, such as access control failures, data mishandling, and offboarding gaps, where she pointed out former employees retaining access rights, thereby creating significant security exposures.

For HR’s role in compliance, the IT security expert called for policy alignment by ensuring procedures match data requirements, audit support, impact assessments, and cross-department collaboration.

According to her, HR departments are essential cybersecurity partners, whose role extends beyond traditional functions.