
"Effective resilience in this area relies on a strong culture of trust between an organisation and its people."


BILL WINDLE, PA expert in people risk and cyber security

New guidance aims to help organisations reduce employee risk

18 September 2012


Counterproductive behaviour by employees – whether inadvertent, negligent or malicious – can represent a significant risk to organisations, but companies’ efforts to reduce this risk often fail or even make things worse, according to new guidance published by PA Consulting Group and the Centre for the Protection of National Infrastructure (CPNI).

Holistic Management of Employee Risk (HoMER) offers a range of practical measures to help organisations reduce the risk from their employees. This risk ranges from oversight and corner-cutting – such as sharing passwords or propping open doors – to opportunistic behaviour including theft and fraud. At its worst, it can extend to malicious actions such as installing malware in the firm’s IT or enabling access to third parties. Direct losses can be severe: in one case, a firm was put out of business for three months. Indirect losses, including the impact on a business’s reputation, which has a very real commercial value, are often less easy to measure. Recognising that workplace monitoring schemes can be overly secretive or lacking in proper oversight, HoMER recommends a pragmatic approach, defined by transparency and clear governance, that uses clear guidance and senior-level accountability.

Bill Windle, expert in people risk and cyber security at PA Consulting Group, explains: “We have found that effective resilience in this area relies on a strong culture of trust between an organisation and its people, as well as between individual colleagues themselves. After all, trust underpins all relationships and HoMER is as much about protecting employees (from theft and false accusations) as it is about protecting organisations.

“Organisations should empower staff to act in the right way, encourage them to challenge unsafe behaviour and make sure that they follow company policies. We also recommend that firms learn from the good and bad experiences of other companies worldwide and, where necessary, engage in protective monitoring that is ethical, legal and holistic.”



To find out how PA can help your organisation tackle the challenges of cyber security, contact us now or click here for more information.

HoMER is available on the CPNI website here.  

Corporate headquarters
10 Bressenden Place
London SW1E 5DN
United Kingdom
Tel: +44 20 7333 5865