Home | Blog | Weakest Link in Cyber-Security: IT or Human Resources?

Weakest Link in Cyber-Security: IT or Human Resources?

Copyright: <a href=


A stark reality facing businesses today is the ever-growing threat to create and maintain cyber-security. And though the reality is pervasive, many companies still lack the best strategy for addressing it. The profundity of this concern is not a subject of debate. Companies know it’s essential. The struggle comes from coping with the potential damage to corporate image, negative impact on consumer trust, loss of revenue, liability to customers, and the ever-increasing statutes imposed by lawmakers and agencies who point the finger at businesses for failure to take charge when it comes to preventing data theft.

Cyber-attacks are real and occur frequently in the places we shop, the materials we move throughout factories, and nearly everything we take for granted. Incessant waves of computer, server, cloud and mobile hacking have led to compromised data, unwarranted access to private information such as Social Security numbers and bank accounts, and industrial espionage. The attacks on companies are countless. The Heritage Foundation reported that in 2015, “companies saw an average of 160 successful cyber-attacks per week, more than three times the 2010 average of 50 per week.” As early as 2006, Joe McGrath, at the time the president of Unisys, called the security of data and systems processes “an incredible challenge in the global/digital economy.” Even in 2017, this is still true. In fact, the problem has intensified.

Although the threat is known, businesses give little more than lip service when it comes to cyber-security. They tend to overlook vulnerabilities even as the number of mobile devices increases. Too many companies allow employees and associates to access data from either corporate-owned or private devices away from the workplace. Despite password protection and/or encryption, it’s this type of access where cyber criminals are able to penetrate servers through apps or other stealth measures.

Hackers remind us regularly that no system is totally secure. It’s a lesson most businesses should have learned by now. Yet as the search continues for the flaws in technology, many companies are learning that the weakest link in cyber-security may not be a function of technology at all. Instead, popular opinion seems to lean more toward people as the culpable and tenuous link, specifically those who manage and maintain IT systems. In their ongoing quest to resolve pressing cyber security issues, perhaps the time has come for businesses to give at least tantamount attention to the human element as they do the technological one. By reallocating their efforts more toward the human link, corporate America will see the wisdom in treating human resources as their first line of defense.