The Department for Work and Pensions recorded 240 missing laptops and 125 phones in 2024, while the Ministry of Defence lost 103 laptops and 387 phones in just five months this year, the Guardian reported on Sunday (22 June).
The scale of these losses prompted cybersecurity officials to warn of “systemic risks” to national security, even with encryption protections in place. This serves as a stark reminder of the vulnerabilities that arise when devices leave the workplace.
“When it comes to data security, springing into action after a device goes missing is like shutting the stable door after the horse has bolted,” Jim Moore, employee relations lead for the HR consultancy Hamilton Nash, told HR magazine.
“Technical safeguards like encryption and two-factor authentication are important but, too often, the human is the weak link.”
Read more: Lock it in: How to close the cybersecurity training gap
Moore emphasised HR’s role in building a security-conscious culture through onboarding, refresher chats and internal communications, as well as fostering an open environment where employees can report incidents immediately, without fear.
Chris Boland, cybersecurity consultant for the digital consultancy Sytech, agreed that HR teams must balance security requirements with employee trust, suggesting “proportionate surveillance without being invasive”.
Speaking to HR magazine, Boland recommended that organisations implement security awareness training that highlights the importance of data protection and the real consequences of breaches, using industry-recognised companies that regularly update their programmes as examples of how to meet today’s threats.
Read more: One in five employees have no cybersecurity training
At Mediazoo, a communication and learning company, head of HR Jess Lambourne has worked directly with cybersecurity training providers to ensure that content met ISO compliance standards. She explained to HR magazine: “This collaboration ensured that training was created in a tone and style that people at Mediazoo would understand.”
When breaches do occur, HR professionals must support investigations while ensuring fair treatment of staff and meeting GDPR reporting obligations. Moore commented: “That might include assessing what personal data was exposed and, if necessary, notifying individuals and regulators in line with data protection law.”
Lambourne added: “In the event of a breach, our people team ensures internal processes uphold company values, protect employees’ rights and comply with employment laws.”
