The Chartered Institute of Personnel Management of Nigeria held its 17th Special Human Resource Forum (SHRF) virtually on Thursday, June 19, focusing on ‘The Role of HR in Cybersecurity and Compliance: Protecting Employee and Organisational Data.’
With an assembly of HR professionals, technology experts, and regulatory authorities, the forum underscored the imperative for HR professionals to transcend traditional functions and assume guardianship of digital trust.
Mallam Ahmed Ladan Gobir, the President and Chairman of the Governing Council of CIPM, in his opening remarks, declared that “when data becomes gold, HR must become the vault”.
He emphasised that in an era where every click and login is logged, HR’s touchpoint with every employee, from onboarding through offboarding, positions it uniquely to shape an organisation’s cyber resilience. He also noted that “when HR gets cybersmart, the whole organization becomes cyber strong.”
Linda Rogers, the Director/Founder and Executive Coach at Leadership House and the forum’s guest speaker, provided a global compliance and cyber risk perspective.
She highlighted the importance of integrating cybersecurity knowledge into HR job descriptions and ongoing professional development.
Citing her experience, she stressed that HR must keep pace with digital transformation by understanding processes such as the Joiners, Movers, Leavers (JML) lifecycle: notifying IT immediately upon employee exit to revoke access and embedding vulnerability protection measures to counter phishing attacks.
On the emerging risks and opportunities of Artificial Intelligence, Rogers urged organisations to agree on approved AI tools (e.g., Copilot) and procure dedicated domains to safeguard data, insisting that AI use remain ethical and aligned with organisational data policies.
From a regulatory standpoint, Kashifu Inuwa Abdullahi, the Director General/CEO of NITDA, represented by Ayodele Bakare, emphasised the importance of third-party risk assessments when engaging vendors, ensuring compliance with government and industrial frameworks to mitigate data management risks, and strict adherence to the Nigeria Data Protection Act.
Bakare asserted that “when engaging a vendor, conduct third-party risk assessment compliance with government and industrial framework,” ensuring that a partner does not introduce cybersecurity or data management risks and that all practices align with the Nigerian Data Protection Act. This view was echoed when panelists underscored the need for HR to be thoroughly educated on data privacy laws, industry standards, and to “domesticate NDPA” through robust training plans and regular audits.
Addressing the human element,
Adeyemi Ajayi, the Head of Human Resource of SYNLAB Nigeria, stressed that “HR must be a collaborator and have a human firewall,” explaining that organisations need mechanisms to track employee access throughout their tenure. This reflects the idea that HR-led awareness campaigns and phishing simulations help build a vigilant workforce.
On organisational structure, Bashar Logun Babatunde, the Acting Chief Technology Officer of Credit Direct Limited, argued that “cybersecurity should be a standalone division.”
He noted that HR’s role includes advocating for clear reporting lines and ensuring that cyber functions have the authority and visibility needed to act decisively.
Sandra Ukor, the Vice President, Infrastructure Security Cloudware Africa, highlighted technical safeguards, stating that “there must be a right encryption mechanism that includes specified data classification”. She explained that HR must work with IT to classify personal and sensitive data correctly, ensuring that only authorised personnel can access it under appropriate encryption controls.
Ayodele noted that large organisations should designate Data Protection Officers (DPOs) and Data Protection Compliance Officers (DPCOs) to oversee policy implementation; HR plays a key role in staffing and empowering these roles.
As organisations navigate an increasingly complex threat landscape, CIPM emphasises that HR’s proactive engagement in cybersecurity and compliance is no longer optional but essential to safeguarding employee data, organisational reputation, and regulatory standing. Participants left the forum equipped with strategic frameworks and practical recommendations to transform HR into a linchpin of digital defence.
