
The human factor: Reducing employee risk is essential to preserve data security

Tim Hitchcock

Thomson Reuters Accelus

2 July 2013


PA’s Bill Windle, people and cyber risk expert, is extensively quoted in an article on the human aspect of cyber security. The article addresses the new guidance for employees, Holistic management of Employee Risk (HoMER), produced by the Centre for the Protection of National Infrastructure (CPNI) and PA.

The article explains how technology makes it easy for organisations to be harmed – intentionally or by accident – by their employees. Bill explains that the risk organisations face of internal personnel using their data and systems in damaging ways is high and the impact can be severely damaging to an organisation's reputation and performance. He explains: “Cyber technology places enormous power in the hands of individuals, for better or worse. Today everyone is a cyber-enabled insider.”

Bill explains that organisations need to monitor their IT more effectively and that not enough importance is placed on the right tools to help them do so: “To date the focus has been on technical solutions, which are important but not sufficient. It is expensive, impossible and ineffective to build a fortress. Many organisations only gain value from their monitoring tools after an incident has occurred. This is because they don't fully understand how to use monitoring to inform future-looking assessments that would enable the right interventions to help prevent the incident occurring in the first place.”

The article goes on to explain that HoMER emphasises the need to integrate the human factor into the protection of sensitive data and systems through better cultures, transparency, leadership and training. Bill, who played a leading role in the programme's development, comments: “HoMER gets people talking to each other through an operational, people risk-based lens which helps find new trade-offs, investment options and often efficiencies. HoMER's risk-based approach to monitoring strengthens an organisation's compliance with [Data Protection Act] privacy requirements and helps to expose new insights on security architecture.”

The article explains how an organisation's HR department faces particular threats, as employees most often want to know how much colleagues earn and to see other personal information. Bill explains the crucial time when employees are most likely to steal data: “An important lesson from U.S. research is that employees who have an intention of stealing from or damaging their organisations in other ways tend to carry out these actions three to four weeks before they leave, but few monitoring teams are informed of an employee's leaving status or resignation as a matter of routine.”

Bill concludes by explaining that HoMER shows the value of focusing on behaviours rather than people. “This makes all the difference since any monitoring can and should look for counter-productive behaviours regardless of the type of employee,” says Bill. 

For our thinking and insights on tackling the challenges of cyber security, click here.  For more information on PA’s expertise on cyber security, contact us now.

The HoMER web site can be accessed here.
