Not yet a Member?
HR Magazine is highlighting the next generation of HR leaders.
Is your employee handbook ready for the New Year? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
30+ HR education programs, including 4 NEW programs on hot topics, are available for registration.
Join us in Chicago for the latest trends and technology in talent management, and what to expect in the future.
Fewer than half of in-house counsel (45 percent) said that their companies have mandatory training for employees on how to prevent cybersecurity breaches, found the Association of Corporate Counsel (ACC) Foundation.
The ACC, an association serving the needs of more than 40,000 corporate lawyers in 85 countries, published
The State of Cybersecurity Report on Dec. 9, 2015. The report reflects data from a survey of 1,015 responding corporate general counsels.
“HR has a tremendous opportunity” to educate employees about cybersecurity, and to design policies that support legal, financial and information technology, said Amar Sarwal, vice president and chief legal strategist for ACC. “HR can be right at the center of this.”
Organizational policies related to cybersecurity include ones on:
Nearly one third of respondents (31 percent) had worked at a company where a data breach had occurred. Of those surveyed, the incident happened because of:
An important step to reduce a company’s risk of a cybersecurity breach is employee training, but this isn’t yet prevalent.
One in three in-house counsel said that their company tracks attendance for mandatory training as a means to evaluate preparedness at the employee level; 19 percent test knowledge acquired during mandatory training. Mock security events are conducted at just 17 percent of respondent companies.
“Training employees on company security policy when onboarding or annual training is not enough,” said Stu Sjouwerman, CEO of KnowBe4, maker of a security awareness training and simulated phishing platform. “To be most effective, use anti-phishing tools to frequently test employees on a variety of types of subjects and times, then follow up with remedial training for anyone who fails.”
He also recommended that employers:
He said training should be “engaging and effective. It should be something employees feel nicely challenged by but not intimidated [by]. Offer rewards and/or acknowledgments for employees who consistently pass mock phishing tests or spot real attempts. In this day and age, security should be part of the corporate culture … [I]n the end, the best security you have is trained employees that are on their toes with security top of mind.”
In-house counsels’ most immediate concerns related to data breaches were, in order of importance:
The Center for Strategic and International Studies estimated in June 2014 that the annual cost to the global economy from cybercrime exceeds $400 billion.
Cybersecurity insurance is becoming common with 64 percent of responding lawyers in the United States saying their company is insured, and 26 percent of responding in-house counsel expecting their company to increase cybersecurity coverage over the next year. However, a majority (58 percent) said they will maintain their coverage as it is now.
There was much dissatisfaction with cybersecurity insurance reported, with 70 percent of respondents who had a data breach responding that the insurance did not cover the damages created by the breach.
Only 13 percent of respondents said they are extremely confident they have the right coverage for a cybersecurity breach.
Allen Smith, J.D., is the manager of workplace law content for SHRM. Follow him
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
CA Resources at Your Fingertips
SHRM’s HR Vendor Directory contains over 3,200 companies