Human assets leaders are more and more being pulled into the entrance strains of workforce safety as identity-based cybersecurity assaults speed up. Within the first half of 2025 alone, these assaults surged 32%, in accordance with Microsoft knowledge, with greater than 97% geared toward passwords.
On the identical time, cybercriminals are utilizing AI to automate phishing efforts and craft way more convincing social engineering schemes. With workers now serving as the first defend in opposition to these threats, HR’s position in organizational safety is changing into extra important and extra advanced than ever earlier than.
New analysis from Forrester predicts that by 2026, greater than 60% of safety leaders will make workforce danger discount a proper a part of their technique. The shift marks a change in how organizations strategy safety, shifting past expertise alone to embody the individuals who use it.
“HR can and may play an essential position on this subject,” says Agi Garaba, chief individuals officer at automation platform UiPath. “Internally, HR ought to deal with constructing relationships and dealing intently with stakeholders throughout the group, particularly in danger, operations, safety and IT.”
Moreover, the Forrester analysis signifies that 40% of safety organizations will add a devoted workforce danger position, creating new alternatives for HR professionals to show strategic worth.
HR as a strategic safety companion
For many years, HR has operated primarily as a perform centered on recruiting, advantages and compliance. The brand new safety mandate requires a special strategy. “On this surroundings, organizational leaders should deal with cybersecurity as a core strategic precedence—not simply an IT challenge—and construct resilience into their expertise and operations from the bottom up,” write Microsoft researchers.
Garaba recommends that HR groups choose metrics that matter to the broader group, partnering with useful, operational and IT leaders to grasp their objectives for development, income, buyer retention, safety and transformation.
“HR groups are the best once they deal with fixing enterprise challenges,” she says. “Create buy-in from these organizational companions by shared objectives, with common communication on progress.”
The Forrester report emphasizes that safety abilities shortages will drive organizations to take a position closely in workforce growth and cross-functional coaching applications, putting HR on the heart of those initiatives.
Cybersecurity coaching as the primary line of protection
The zero-trust safety mannequin, which assumes no consumer or system ought to be robotically trusted, in accordance with Microsoft safety execs, is increasing past expertise infrastructure to embody workforce habits and entry administration.
“As each the dangers and alternatives of AI quickly evolve, organizations should prioritize securing their AI instruments and coaching their groups,” write the researchers. Beneath this strategy, organizations constantly confirm identities, monitor actions and restrict entry primarily based on real-time danger assessments.
As this mannequin extends to individuals, HR leaders should develop complete coaching and coverage communication methods that assist workers perceive why their entry is monitored and the way safety protocols shield each the group and their very own knowledge.
Garaba says HR can play a key position in creating and implementing efficient mitigation methods by coaching, reinforcing core values and defending firm property and model status.
The shift requires HR to acknowledge technical vulnerabilities and translate them into accessible coaching applications that workers can perceive and apply of their each day work.
Constructing belief in an period of surveillance
The growth of behavioral monitoring and entry controls raises questions on worker privateness and belief. Garaba emphasizes that transparency turns into important as organizations implement new safety measures.
“Belief and transparency are important values in workforce administration, serving to to foster a constructive and productive work surroundings,” she says. “One of many key constructing blocks of belief is being open and sincere at any time when attainable, modeling and selling a tradition of accountability and collaboration.”
The problem for HR leaders is to stability cybersecurity necessities with the necessity to keep worker morale and engagement.
Learn extra: CEO priorities in 2026 and the way they impression HR leaders
Trade collaboration on cybersecurity is required
Garaba additionally requires HR leaders to interact externally with friends, {industry} teams and commerce associations to share finest practices and develop requirements and certifications.
Microsoft researchers agree, writing that as digital transformation accelerates, addressing cybersecurity challenges requires “not solely technical innovation however coordinated societal motion.”
The collaborative strategy displays the fact that workforce safety threats transcend particular person organizations. What works at one firm could assist others, and industry-wide requirements can increase the baseline for all.
As AI governance frameworks emerge and safety threats develop extra subtle, HR leaders who embrace this expanded position will place their organizations for fulfillment whereas elevating the perform’s strategic significance.
“Use knowledge to inform the story,” Garaba says. “Collectively, these approaches will assist to construct belief and credibility with stakeholders.”
