Support through your toughest HR challenges: A network of 285,000 HR professionals.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Fewer than half of in-house counsel (45 percent) said that their companies have mandatory training for employees on how to prevent cybersecurity breaches, found the Association of Corporate Counsel (ACC) Foundation.
The ACC, an association serving the needs of more than 40,000 corporate lawyers in 85 countries, published
The State of Cybersecurity Report on Dec. 9, 2015. The report reflects data from a survey of 1,015 responding corporate general counsels.
“HR has a tremendous opportunity” to educate employees about cybersecurity, and to design policies that support legal, financial and information technology, said Amar Sarwal, vice president and chief legal strategist for ACC. “HR can be right at the center of this.”
Organizational policies related to cybersecurity include ones on:
Nearly one third of respondents (31 percent) had worked at a company where a data breach had occurred. Of those surveyed, the incident happened because of:
An important step to reduce a company’s risk of a cybersecurity breach is employee training, but this isn’t yet prevalent.
One in three in-house counsel said that their company tracks attendance for mandatory training as a means to evaluate preparedness at the employee level; 19 percent test knowledge acquired during mandatory training. Mock security events are conducted at just 17 percent of respondent companies.
“Training employees on company security policy when onboarding or annual training is not enough,” said Stu Sjouwerman, CEO of KnowBe4, maker of a security awareness training and simulated phishing platform. “To be most effective, use anti-phishing tools to frequently test employees on a variety of types of subjects and times, then follow up with remedial training for anyone who fails.”
He also recommended that employers:
He said training should be “engaging and effective. It should be something employees feel nicely challenged by but not intimidated [by]. Offer rewards and/or acknowledgments for employees who consistently pass mock phishing tests or spot real attempts. In this day and age, security should be part of the corporate culture … [I]n the end, the best security you have is trained employees that are on their toes with security top of mind.”
In-house counsels’ most immediate concerns related to data breaches were, in order of importance:
The Center for Strategic and International Studies estimated in June 2014 that the annual cost to the global economy from cybercrime exceeds $400 billion.
Cybersecurity insurance is becoming common with 64 percent of responding lawyers in the United States saying their company is insured, and 26 percent of responding in-house counsel expecting their company to increase cybersecurity coverage over the next year. However, a majority (58 percent) said they will maintain their coverage as it is now.
There was much dissatisfaction with cybersecurity insurance reported, with 70 percent of respondents who had a data breach responding that the insurance did not cover the damages created by the breach.
Only 13 percent of respondents said they are extremely confident they have the right coverage for a cybersecurity breach.
Allen Smith, J.D., is the manager of workplace law content for SHRM. Follow him
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Talent Attraction Study: What Matters to the Modern Candidate
SHRM Annual Conference & Exposition
SHRM’s HR Vendor Directory contains over 3,200 companies