CHROs urged to prioritise cyber security amid AI in HR systems
Gartner has outlined four actions for Chief Human Resources Officers (CHROs) to address rising digital security concerns as HR functions increasingly adopt artificial intelligence (AI) and automated technologies.
Emi Chiba, Senior Principal Analyst in the Gartner HR Practice, stated that the widespread implementation of automation within HR systems is making cyber resilience essential due to the significant risks posed by breaches of sensitive personal data.
"With organisations opting for more automation within their HR systems to contain HR costs, cyber resilience and protection of sensitive personal data across the entire talent life cycle must become foundational priorities," said Emi Chiba. "For example, a candidate data breach that compromises personally identifiable information (PII) creates legal risk, negatively impacts employer brand and diminishes employee trust in an AI-supported hiring process."
Strategic imperative
Gartner's first recommended action is for CHROs to make cyber and data security a strategic imperative in HR automation processes. The firm highlighted that CHROs have traditionally taken a less active role in technology investment decisions, leaving organisations vulnerable when data breaches occur. Chiba noted the increasing consequences of such breaches, which extend to risks around intellectual property theft and reputational damage.
"CHROs often take more of a passive role in making technology investment decisions, however when data breaches occur, there are massive implications on talent, including the risk to the employment brand and IP theft," said Chiba. "Many CHROs do not have strong digital awareness and are struggling to lead and influence AI and digital transformation."
Gartner recommends that CHROs strengthen their own understanding of digital and cyber issues, engage proactively with IT leadership, and ensure that security considerations are integrated into all phases of HR technology planning to protect both organisational reputation and employee data.
Identity and access
The second action encourages CHROs to partner with identity and access management teams to proactively identify and audit security threats. Recent research from Gartner, drawing on a May 2025 survey of 300 cybersecurity leaders, revealed that only 43% of companies regularly audit public generative AI tools to guarantee compliance with cybersecurity policies.
To address this, Gartner suggests that CHROs work closely with IT, cybersecurity, and procurement leaders to integrate security measures into the organisation's HR systems and maintain ongoing oversight through regular monitoring. Close collaboration in defining security architecture and reviewing the security capabilities of both current and planned technology deployments is also advised.
Third-party risk
Gartner's third recommendation is to establish comprehensive third-party risk management for HR technologies. Security incidents involving vendors, such as breaches affecting candidate data, underline the importance of strong cooperation between HR and other business functions when responsibilities are outsourced.
"Security incidents, such as a candidate data breach, underscore the importance of a strong partnership between IT and HR when outsourcing HR tasks to a third-party vendor," said Chiba.
CHROs are advised to assume an active role in the continued management of third-party risk, including working with IT, procurement, and legal teams to assess vendor security, review audit findings, and verify that partners' data handling processes align with enterprise standards.
Security culture
The final action focuses on strengthening organisational culture to make security an integral value. A breach can be symptomatic of broader issues rather than solely technical weaknesses. Gartner cautions that while security reviews may slow down business processes, they should be accepted as fundamental safeguards.
Chiba emphasised the importance of psychological safety among employees, allowing staff to raise potential issues without fear of reprisal, which, in turn, promotes open communication and creative problem solving.
Gartner's recommendations aim to assist CHROs in improving cyber resilience and building trust as HR departments increase their adoption of automated and AI-driven technologies.