The modern workplace, now an intricate web of hybrid work models, AI-powered analytics, and ubiquitous digital tools, is fertile ground for security vulnerabilities. HR, often responsible just for its people strategy, must now step into a parallel role—that of a vigilant data steward.

Highlighting HR’s role in maintaining data security, Atul Mathur, the Executive Vice President HR at Aditya Birla Capital India, notes that today, “HR plays a key anchor role with respect to creating a conducive ecosystem through relevant policies, rewards & recognition, regular training programs/nuggets, and ensuring adequate leadership communication.”

Having the right tech partners

With tighter business conditions and an evolving landscape, investment in and adoption of digital solutions have been on the rise for the past few years. As HR and business leaders look for ways to improve productivity, address skills gaps, and ensure engagement, solutions like automation, analytics, digital platforms, and now AI have all but become a part of the company’s fabric of operations. AI and advanced analytics have empowered HR teams to make data-driven decisions on everything from hiring to performance management.

Successfully balancing the need to adopt more business-relevant solutions while managing data security begins with partnering with technology solution providers who have an equally robust focus on data privacy and protection. From meeting statutory regulations around data security to ensuring trust is the bedrock of successful collaboration, companies like ServiceNow, for example, have dedicated infrastructure and procedures in place that make it easy for HR leaders across APAC to ensure security and avoid breaches of confidential data.

The hybrid work conundrum

The next top driver of data security threats, after growing digitalization, is the prevalence of hybrid work across APAC. Access to foreign talent opens new avenues for companies to be competitive from both a skills and cost standpoint. But these benefits would amount to little if HR doesn’t focus on data security. A recent study showed that 62% of organizations offering remote work options ended up suffering from data breaches.

Hybrid work structures have introduced new complexities to data security. Employees now access company networks from personal devices, unsecured Wi-Fi connections, and remote locations, increasing the risk of cyber threats. The traditional security perimeter has dissolved, making endpoint security, multi-factor authentication, and secure cloud storage indispensable. HR must work closely with IT teams to establish clear security policies that extend to remote work environments, ensuring that data remains protected regardless of where employees log in.

To address this need, Atul adds that “additional security tools are often necessary in case employees work in a hybrid manner.” For HR, he states it's critical to follow these measures with adequate communication and awareness on the topic—one that needs to start right from new employee induction.

But this focus on preventing data breaches cannot be a one-off effort. “Needless to say that HR has to maintain strict vigil and governance to ensure that no violations take place. This has to be continuous,” he adds.

The criticality of data awareness

HR cannot merely enforce security protocols; it must cultivate a culture of data awareness. Given how the workforce across APAC today is multigenerational, the onus on HR is even greater. The weakest link in cybersecurity remains human error—employees falling for phishing attacks, mishandling sensitive data, or unwittingly exposing company systems. Regular training sessions, not just on compliance but on real-world cyber threats, are essential. Cyber hygiene should be as ingrained in workplace culture as diversity training.

Explaining the ‘how’ of tackling these challenges, Atul shares that “employees are made aware of the importance of cybersecurity and cyber threats through training programs and talks of SMEs. It is critical for every employee to understand the implications of their actions with respect to any possible cyber threat. Such interventions are conducted at regular intervals to ensure it remains top of mind for the employees.”

At the same time, HR must respect employee privacy. Overly aggressive monitoring fuels resentment and disengagement. Instead, organizations should adopt a principles-based approach: collect only what is necessary, anonymize where possible, and provide employees with control over their personal data. Privacy should not be a footnote in security policies but a pillar of corporate governance.

On employee privacy and trust

HR is uniquely positioned to mitigate not just organizational concerns but also employee concerns about data usage. First, it must ensure that the adoption of AI and data-driven decision-making does not violate employee rights. Transparency is key: workers should be fully informed about what data is collected, how it is used, and the safeguards in place. A clear, well-communicated data policy is not just a regulatory necessity; it is a foundation for trust.

Second, HR must advocate for ethical AI. The increasing reliance on machine learning models necessitates stringent guardrails against bias and excessive surveillance. This means actively working with IT and compliance teams to assess algorithmic fairness and prevent unintended discrimination in hiring, promotions, and terminations.