CHROs should take a more active role in digital security, Gartner advises

Chief human resources officers need to take a more active role in strengthening their organization’s digital security, particularly as more HR functions incorporate artificial intelligence and automation tools, according to a Sept. 3 report from Gartner.

Gartner identified four steps CHROs can take to ensure data protection and build trust in their HR systems: making security a strategic part of HR automation, identifying threats proactively, establishing third-party risk management for HR tools and strengthening a culture of security.

“CHROs often take more of a passive role in making technology investment decisions, however, when data breaches occur, there are massive implications on talent, including the risk to the employment brand and [intellectual property] theft,” Emi Chiba, a senior principal analyst in Gartner’s HR practice, said in a news release. “Many CHROs do not have strong digital awareness and are struggling to lead and influence AI and digital transformation.” 

For instance, in an AI-based hiring process, a candidate data breach could compromise personal data, create legal risks, harm an employer’s reputation and affect employee trust, Chiba said.

Data breaches and lawsuits are becoming more common, with several major data breaches occurring so far in 2025. These breaches have involved HR tech vendors, employment associations and large employers, where personally identifiable information was accessed and stolen due to inadequate security measures.

In a 2024 ransomware attack on ManpowerGroup, for example, hackers reportedly stole files including Social Security cards, passports, hours worked and worksite information, among other documents.

Cybersecurity isn’t the sole domain of IT teams, experts told HR Dive, noting that HR plays a critical role in preventing cyberattacks and responding when a breach occurs. HR teams can prepare themselves and the entire organization by implementing anti-phishing training, creating incident response plans and responding quickly when an employee reports a problem.

At the broadest level, CHROs can play a more active role by making security part of their AI and automation strategies from the outset, according to the Gartner report. To do so, HR teams need to: improve their digital fluency through upskilling; engage IT leaders proactively; and include security considerations in every phase of HR tech planning.

HR teams need to audit potential threats as well, Gartner noted. In a May 2025 survey of 300 cybersecurity leaders, only 43% said their companies conduct regular audits on AI tools to ensure compliance with cybersecurity policies. Such audits require partnership between HR, IT, security and vendor management leaders.

As part of that, HR leaders should also establish third-party risk management for HR tech, Chiba said. CHROs should partner with procurement and legal teams to assess vendor security, review audit reports and verify data-handling practices, according to the report.

Across the organization, CHROs can strengthen a culture of security among employees, Gartner said. This includes encouraging workers to raise security flags, taking those reports seriously and assessing risks regularly. Fostering psychological safety is key, the report noted — employees who feel safe to speak up are more likely to do so.