Why HR must lead the charge in cybersecurity

As digital threats grow increasingly sophisticated, cybersecurity has moved beyond the IT department into the boardroom. For organisations in Singapore, protecting data and systems is no longer just a technical exercise but a business-critical priority, and people leaders are being called to play a central role.

Security is a boardroom priority and a people-centric challenge

Cybersecurity is top of mind for boards and the C-suite, and HR leaders are increasingly joining these discussions as strategic partners. When it comes to breaches, human behaviour remains a major weak link. Singapore’s Personal Data Protection Commission (PDPC)’s updated guide to managing data breaches specifically flags negligence or employee error as a significant concern.

Trust is essential, and an organisation’s employer brand is closely linked to how effectively it protects data. HR plays a crucial role in fostering a culture where security is not merely a set of rules but a mindset ingrained in everyday operations.

The high cost of data breaches in Singapore makes it clear that creating a culture of safety is not optional. Yet many organisations rely solely on compliance-driven modules such as “don’t click suspicious links.” While necessary, these efforts fall short of fostering a sustainable security culture.

Modern work is almost entirely digital. Employees switch between devices, work from home, and navigate personal and professional networks. Most already know the basics of avoiding phishing attempts, but knowledge alone does not stop mistakes.

Organisations need to move beyond awareness to building accountability, embedding security practices into every stage of employment.

AI agents take the stage

Just when managing human behaviour feels complex enough, the workforce is becoming populated with AI agents. The potential benefits are undoubtedly enormous—speed, efficiency, and innovation at scale.

A recent Okta poll of cybersecurity practitioners in Singapore reveals that 83% of organisations are already deploying AI agents. However, 52% are not confident in their ability to detect if an AI agent is acting outside its intended scope, and 33% are not currently monitoring AI agents.

As these autonomous programmes can access data, use applications, and complete tasks without direct human input, the gap between adoption and workforce development raises a critical question: who is managing the AI agents?

The stakes are real. A recent attack saw threat actors exploit local large language models (LLMs) to run prompts that searched for crypto wallets and credit card information. Without proper oversight, the very same AI agents on their way to populating Singapore’s workforce can become a significant security vulnerability. Organisations must treat AI agents as first-class identities, monitored and managed alongside human employees.

The role of HR in driving accountability and culture

To address the crossover and properly manage the risks posed by the new human and non-human workforce, cybersecurity today requires a partnership among HR, tech, and security leaders. Mapping accountability across the entire employment lifecycle, from onboarding to offboarding, ensures that employees understand their responsibilities and the consequences of lapses.

Building accountability across the business achieves two things: it fosters a culture of shared responsibility, and it strengthens camaraderie. When employees at every level, from junior employees to executives, understand that security is everyone’s job, organisations are better positioned to prevent breaches and respond effectively when incidents occur.

READ MORE: Agentic AI in HR: Unpacking the hype and addressing the uncertainty

HR’s role here is crucial. By shaping policies, training programmes, and incentives that align human behaviour with cybersecurity goals, HR leaders ensure that people as well as technology become a core line of defence.

Way forward

Cybersecurity is now a people issue, a board-level issue, and increasingly an AI issue. With human behaviour still the largest vulnerability, and AI agents adding new complexity, organisations must rethink security from the ground up.

By building a culture of accountability, vigilance, and partnership between HR, technology, and security leaders, organisations will not only protect sensitive data but also reinforce trust in their brand and demonstrate leadership in a rapidly evolving digital landscape.

About the Author:

Stephanie Barnett is Vice-President, Interim General Manager, Asia-Pacific and Japan, Okta.