Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.

Error message details.

Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.

Lack of Awareness, Poor Security Practices Pose Cyber Risks

A hand holding a pencil over a piece of paper.

Are your employees savvy about potential cybersecurity risks to ensure they're using the Internet safely? How about being able to identify phishing threats or protecting data? 

Those are among the cybersecurity topics that employees from a variety of industries often answered incorrectly, according to an audit from cyber tech provider Proofpoint. Employees who had undergone security training were asked questions on 14 cybersecurity topics, including their understanding of unintentional and malicious insider threats.

Cybersecurity training must cover these topics regularly if employers hope to change workers' behavior., Proofpoint said in its fifth annual State of the Phish 2019 report.

SHRM Online collected the following articles from its archives and other trusted news outlets on this topic.  

Employees Flub on 1 in 5 Cyber Training Questions 

A recent security awareness audit concluded that workers who take security training choose the right  answers to cybersecurity questions only 78 percent of the time. The findings are based on an analysis of questions Proofpoint asked its customers across a variety of industries. 

That's not good enough. Organizations need to educate their workers to bolster their understanding of cybersecurity risks and issues, according to Proofpoint.

As cyber attackers increasingly focus their attention on people, not technical defenses, organizations should take a people-centric approach to cybersecurity, the company says in its State of the Phish report.

[SHRM members-only tools and templates: Laptop Security Policy]   

5 Top Cybersecurity Concerns for HR in 2019 

Security experts say there are a number of data security issues that human resource information technology leaders should pay close attention to this year. Here are their tips for minimizing risk.
(SHRM Online)  

The Growth of Ransomware Extortion Demands

Ransomware is becoming an increasingly common cause of cyber loss for businesses, according to the NAS Insurance 2019 Cyber Claims Digest. Findings are based on an analysis of 2018 claims data.

And costs go much further than just the ransom payment. Technical and legal expenses associated with negotiating and paying the ransom can triple or quadruple the cost of resolving the issue. It's not uncommon for expenses to go beyond $70,000.
(Insurance Business Magazine)  

Viewpoint: Are Your Employees Really Engaging with Security Awareness Training? 

Does your organization have a formal security awareness and training program? I'm constantly surprised at how often the answer is an awkward and uncomfortable "no." Implicit in the awkwardness is the recognition that such a program is a critical piece of a strong security strategy. Without awareness and training, it's likely that security will not be front of mind for your end users—but that doesn't mean that organizations with formal programs are effectively engaging their employees.
(Security Training)    

Five Strategies to Get Employee Buy-In For Security Awareness Training 

Last year, the FBI reported a staggering $12.5 billion has been lost due to e-mail fraud, underscoring the critical risk that exists each time  employees open their inboxes. A single weaponized e-mail could lead to a substantial data breach or financial loss.

But how can HR teams secure employee buy-in for cybersecurity best practices, while avoiding training burnout? The answer is empowerment.


​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.