As more HR functions implement AI and automated technologies, security incidents are becoming more common and harmful – so CHROs must take steps to strengthen digital security, says Gartner.
“With organisations opting for more automation within their HR systems to contain HR costs, cyber resilience and protection of sensitive personal data across the entire talent life cycle must become foundational priorities,” says Emi Chiba, senior principal analyst in the Gartner HR practice. “For example, a candidate data breach that compromises personally identifiable information (PII) creates legal risk, negatively impacts employer brand, and diminishes employee trust in an AI-supported hiring process.”
Gartner has identified four actions for CHROs to take that will help strengthen data protection and build trust in automated HR systems.
Make cyber and data security a strategic imperative in HR automation
“CHROs often take more of a passive role in making technology investment decisions; however, when data breaches occur there are massive implications on talent – including the risk to the employment brand and IP theft,” says Chiba. “Many CHROs do not have strong digital awareness and are struggling to lead and influence AI and digital transformation.”
To be digitally effective in this era of HR automation, CHROs must treat technology not just as an enabler but as something embedded in their strategy and execution. This requires CHROs to strengthen their digital and cyber fluency, engage proactively with IT leaders, and embed security considerations into every phase of HR technology planning to safeguard talent and organisational reputation.
Partner with identity and access management teams to identify and audit threats proactively
According to a May 2025 Gartner survey of 300 cybersecurity leaders, only 43% of companies conduct regular audits and reviews on public generative AI (GenAI) tools to ensure compliance with cybersecurity policies.
To increase cyber resilience, CHROs must work with IT, cybersecurity, and vendor management leaders to build security into their organisation’s systems and monitor them regularly. CHROs should collaborate with IT leaders to adopt security architecture practices. This includes working together to define the business needs and reviewing existing and planned product security capabilities.
Establish comprehensive third-party risk management for HR technology
“Security incidents, such as a candidate data breach, underscore the importance of a strong partnership between IT and HR when outsourcing HR tasks to a third-party vendor,” says Chiba.
CHROs must play an active role in establishing and operationalising ongoing third-party risk management. To do this, CHROs must partner closely not only with IT leaders, but also with procurement and legal teams to assess vendor security postures, review audit reports, and ensure that data-handling practices meet enterprise standards.
Strengthen culture to promote security
A data breach may signal deeper issues within the organisation – beyond just weak technical controls. While security reviews can often feel like a barrier to speed, they need to be viewed as an essential checkpoint.
CHROs need to foster a culture where raising security flags and taking the time to slow down and assess risks is encouraged and not seen as a bottleneck. A key factor in fostering this culture is creating psychological safety among employees – employees who feel psychologically safe are more capable of communicating candidly about anticipated issues and solving problems creatively.