Human resources leaders are increasingly being pulled into the front lines of workforce protection as identity-based cybersecurity attacks accelerate. In the first half of 2025 alone, these attacks surged 32%, according to Microsoft data, with more than 97% aimed at passwords.
At the same time, cybercriminals are using AI to automate phishing efforts and craft far more convincing social engineering schemes. With employees now serving as the primary shield against these threats, HR’s role in organizational security is becoming more critical and more complex than ever before.
New research from Forrester predicts that by 2026, more than 60% of security leaders will make workforce risk reduction a formal part of their strategy. The shift marks a change in how organizations approach security, moving beyond technology alone to encompass the people who use it.
“HR can and should play an important role in this topic,” says Agi Garaba, chief people officer at automation platform UiPath. “Internally, HR should focus on building relationships and working closely with stakeholders across the organization, especially in risk, operations, security and IT.”
Additionally, the Forrester research indicates that 40% of security organizations will add a dedicated workforce risk role, creating new opportunities for HR professionals to demonstrate strategic value.
HR as a strategic security partner
For decades, HR has operated primarily as a function focused on recruiting, benefits and compliance. The new security mandate requires a different approach. “In this environment, organizational leaders must treat cybersecurity as a core strategic priority—not just an IT issue—and build resilience into their technology and operations from the ground up,” write Microsoft researchers.
Garaba recommends that HR teams select metrics that matter to the broader organization, partnering with functional, operational and IT leaders to understand their goals for growth, revenue, customer retention, security and transformation.
“HR teams are the most effective when they focus on solving business challenges,” she says. “Create buy-in from those organizational partners through shared goals, with regular communication on progress.”
The Forrester report emphasizes that security skills shortages will drive organizations to invest heavily in workforce development and cross-functional training programs, placing HR at the center of these initiatives.
Cybersecurity training as the first line of defense
The zero-trust security model, which assumes no user or system should be automatically trusted, according to Microsoft security pros, is expanding beyond technology infrastructure to encompass workforce behavior and access management.
“As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams,” write the researchers. Under this approach, organizations continuously verify identities, monitor activities and limit access based on real-time risk assessments.
As this model extends to people, HR leaders must develop comprehensive training and policy communication strategies that help employees understand why their access is monitored and how security protocols protect both the organization and their own data.
Garaba says HR can play a key role in developing and implementing effective mitigation strategies through training, reinforcing core values and protecting company assets and brand reputation.
The shift requires HR to acknowledge technical vulnerabilities and translate them into accessible training programs that employees can understand and apply in their daily work.
Building trust in an era of surveillance
The expansion of behavioral monitoring and access controls raises questions about employee privacy and trust. Garaba emphasizes that transparency becomes essential as organizations implement new security measures.
“Trust and transparency are essential values in workforce management, helping to foster a positive and productive work environment,” she says. “One of the key building blocks of trust is being open and honest whenever possible, modeling and promoting a culture of accountability and collaboration.”
The challenge for HR leaders is to balance cybersecurity requirements with the need to maintain employee morale and engagement.
Read more: CEO priorities in 2026 and how they impact HR leaders
Industry collaboration on cybersecurity is required
Garaba also calls for HR leaders to engage externally with peers, industry groups and trade associations to share best practices and develop standards and certifications.
Microsoft researchers agree, writing that as digital transformation accelerates, addressing cybersecurity challenges requires “not only technical innovation but coordinated societal action.”
The collaborative approach reflects the reality that workforce security threats transcend individual organizations. What works at one company may help others, and industry-wide standards can raise the baseline for all.
As AI governance frameworks emerge and security threats grow more sophisticated, HR leaders who embrace this expanded role will position their organizations for success while elevating the function’s strategic importance.
“Use data to tell the story,” Garaba says. “Together, these approaches will help to build trust and credibility with stakeholders.”
