Increase confidence in cyber mitigations by managing digitization risks
Acceleration of digital solutions to many societal and workforce issues offers so much promise; however, Human Resources (HR) needs a seat at the table to manage the associated cybersecurity and data risks.
The pandemic forced many organizations to take a technology-first approach. In many ways, this has been positive for employees as they value access to virtual health benefits, a more flexible approach to working and a focus on social inclusion and mental health.
Now, forward-thinking employers should be prioritizing digital initiatives to promote a positive experience across all HR-related activities. Personalization is the aim as firms attempt to create the most relevant benefits experience possible to attract and retain talent within a diverse workforce. Employees are more resilient if offered a broad range of benefits, but more choice means a greater need for digital options to simplify benefits delivery.
Rapid change and complexity can bring cybersecurity risk as well as workforce exhaustion in relation to transformation, skills gaps and HR technology obsolescence. Organizations must take a proactive approach and have open conversations about why technology change is necessary, what items are on the roadmap to be implemented, how to prepare for change and how to execute on such change in an empathetic manner to minimize frustration and anxiety.
For the second year running, the People Risk Report 2022 research showed that HR and risk professionals ranked cybersecurity as the number one risk facing business1. While 76% of respondents feel their organization is addressing cybersecurity risk, only 44% report having effective policies, controls and support systems in place and more than one-third (35%) feel they lack the skilled resources to understand and address the exposure. This aligns with the recent Marsh and Microsoft “2022 Global Cyber Risk Perception Survey”, which shows that 40% of firms say their cyber hygiene needs improvement2.
Testing of systems throughout implementation together with investment in appropriate training for employees is critical to ensuring secure platforms. The Marsh-Microsoft study indicates that 43% of organizations have conducted a risk assessment of their vendor/supply chain. Cooperation is necessary across the entire enterprise; this requires broad-based communication and alignment among stakeholders during key decision-making moments of truth along their cyber resilience journey. For example, all departments that touch cyber risk should be involved in cyber incident management, and cyber insights should be shared across the enterprise to appropriately address weak spots in organizational cybersecurity. HR is often missing from the table.
Five key global findings from the People Risk Report 2022
- Increasingly sophisticated and frequent cybercrimes have pushed cybersecurity up the C-suite agenda. Breaches occurring due to insufficient vendor and people management processes can cause brand damage. Consumers and governments alike are becoming more concerned with data privacy.
- The next highest ranked risk based on the risk rating score (product of “likelihood of the risk occurring in the next three years” and “severity”) in this category was unintended negative consequences from automation and AI, which can include loss of critical expertise, errors and omissions, and poor decision-making.
- HR technology obsolescence followed in the ranking and can result in a failure to make activities, benefits and healthcare more personalized, convenient and secure. This can create a suboptimal employee experience – ultimately resulting in higher turnover and loss of talent. Only 68% of respondents feel their organization is addressing this risk, although our Age of Adaptability research did show that 76% of organizations plan to increase spending on HR and benefits technology post-pandemic3.
- Poor workforce planning or organizational change management could lead to a misalignment of HR and business strategies, which was the next highest accelerated digitization risk. This in turn may prevent a firm from achieving its business vision.
- We were surprised that more respondents did not rank skills obsolescence as a higher risk, despite 35% saying they have faced the issue of lack of skills in mitigating accelerated digitization risks. This could be due to the three-year horizon considered and/or the targeted nature of the skills shortage, which encompasses areas like cloud security, smart contracts, API development and cyber risk management. Our Global Talent Trends research indicates that one-third of companies are seeing higher-than-expected turnover in employees with valued digital skills4.
Trends to watch
The top people risk that faces businesses today is cybersecurity and data privacy, and the World Economic Forum’s Global Risks Report 2022 highlights that 95% of cyber issues have been traced to human error5.
Administration of employee benefit plans is a critical area of exposure. As sensitive health claims information is transferred by third parties, and in some instances internally to manage benefits, firms may need to consider putting more stringent processes in place to keep data secure.
Another key concern is HR technology obsolescence, which is ranked 11th out of 25 risks for employers. While there has been an increase in the number of employees who agree that “my HR technology at work is very joined up” (61%), there’s clearly still some way to go6.
Benefits may be provided by an organization, but they must be communicated and promoted to gain effective use.
How employees access their benefits fits into the employee experience. The ability to integrate work and personal lives is linked to productivity. When it comes to enrolling and consuming their benefits, people increasingly expect a “consumer-grade” experience that is similar to when they make purchases from an online retailer.
Employees need their benefits at moments that matter, right at the fingertips on any device, anywhere and at any time. Our Age of Adaptability research found that when employees are provided with a consumer-grade experience, they are much more likely to feel as though they have “highly relevant” benefits; this also allows them to stay more connected to their organization.
Centralized, automated benefits administration removes the risks of manual data handling and associated security breaches. This should include seamless and secure integrations with existing HR systems, including controlled data access and robust file encryption.
What firms can do
Look at how you can create a digital front door to benefits and other employee supports to help people easily access programs and content, integrated with other HR experiences.
Alongside this emphasis on choice and personalization, it is critical to promote cyber literacy among employee populations with a focus on learning and development.
HR, in conjunction with risk, should focus on where cybersecurity vulnerabilities exist within current employees’ day-to-day activities. This means evaluating everything from administrative access to sensitive information to remote work policies.
Firms must prioritize making sure that benefits data is secure. Extensive data security measures mean employees can access and engage in their benefits safely from any device, anywhere in the world.
Save time and money with automated administrative processes and employee self-service, including employee management of spending account reimbursements.
Improve efficiencies and streamline workflows with integrated auto-enrollment and extensive reporting and audit functionality.
Ideas to get started
For HR or risk professionals just starting to acquaint themselves with the discipline of their respective HR or risk counterpart, here are some possible conversation topics to get started on identification opportunities.
- Review the 12 cybersecurity controls recognized by cybersecurity experts to help prevent, respond, minimize and recover from a cyberattack
- Advance cybersecurity awareness at the board, C-suite and employee levels
- Integrate the HR, Risk and cybersecurity teams’ activity to ensure alignment across key functions
- Adopt a digital-first employee experience and simple digital ecosystem for employee benefits and other common HR transactions, delivered via enterprise-wide best-in-class solutions for strategic areas like benefits
- Enable employees to develop skills, make such development a work expectation and formalize time for learning, and address barriers to mid-career moves
- Move from quantitative workforce planning to a skills-based model that lays the foundation for acquisition of skills to fuel jobs that do not yet exist
- Look at how to use digital health to open up health access
Conclusion
There is no turning back from the digitization of employee benefits and other components of the employee experience. Organizations must seize the exciting opportunities this brings, like opening up access to affordable and convenient healthcare, while managing the risks of cybersecurity and evolving data privacy legislation.
A critical component of this strategy is tactics to support the attraction, retention and engagement of individuals with the required skills. In this respect, companies should look to the technology sector and the workforce itself for inspiration regarding benefits, culture, working conditions and other components of rewards that will bring resilience to the workforce and businesses alike.
Managing Director, Head of Emerging Risks Group, US Cyber Risk Consulting Leader, Marsh
Digital Health Leader, Canada, Mercer Marsh Benefits