Gartner Identifies Four Actions for CHROs to Strengthen Digital Security

As more HR functions implement AI and automated technologies, security incidents are becoming more common and harmful, so CHROs must take steps to strengthen digital security, according to Gartner, Inc., a business and technology insights company.

“With organizations opting for more automation within their HR systems to contain HR costs, cyber resilience and protection of sensitive personal data across the entire talent life cycle must become foundational priorities,” said Emi Chiba, Senior Principal Analyst in the Gartner HR Practice. “For example, a candidate data breach that compromises personally identifiable information (PII) creates legal risk, negatively impacts employer brand and diminishes employee trust in an AI-supported hiring process.”

Gartner has identified four actions for CHROs to take that will help strengthen data protection and build trust in automated HR systems.

“CHROs often take more of a passive role in making technology investment decisions, however when data breaches occur, there are massive implications on talent, including the risk to the employment brand and IP theft,” said Chiba. “Many CHROs do not have strong digital awareness and are struggling to lead and influence AI and digital transformation.”

To excel as digitally effective CHROs in this era of HR automation, it’s imperative that they view technology not just as an enabler but embed it into their strategy and execution. This requires CHROs to strengthen their digital and cyber fluency, engage proactively with IT leaders, and embed security considerations into every phase of HR technology planning to safeguard talent and organizational reputation. 

According to a May 2025 Gartner survey of 300 cybersecurity leaders, only 43% of companies conduct regular audits and reviews on public generative AI (GenAI) tools to ensure compliance with cybersecurity policies.

To increase cyber resilience, CHROs must work with IT, cybersecurity, and vendor management leaders to build security into their organization’s systems and monitor them regularly. CHROs should collaborate with IT leaders to adopt security architecture practices. This includes working together to define the business needs and reviewing existing and planned product security capabilities.

“Security incidents, such as a candidate data breach, underscore the importance of a strong partnership between IT and HR when outsourcing HR tasks to a third-party vendor,” said Chiba.

CHROs must play an active role in establishing and operationalizing ongoing third-party risk management. To do this, CHROs must not only closely partner with IT leaders, but also procurement and legal teams to assess vendor security postures, review audit reports, and ensure that data-handling practices meet enterprise standards. 

A data breach may signal deeper issues within the organization, beyond just weak technical controls. While security reviews can often feel like a barrier to speed, they need to be viewed as an essential checkpoint.

CHROs need to foster a culture where raising security flags and taking the time to slow down and assess risks is encouraged and not seen as a bottleneck. A key factor in fostering this culture is creating psychological safety amongst employees; employees who feel psychologically safe are more capable of communicating candidly about anticipated issues and solving problems creatively.

Gartner clients can read more in the report: Lessons for CHROs From the Recent AI Candidate Data Breach.

About Gartner HR Symposium/Xpo

Gartner HR Symposium/Xpo is where CHROs and their leadership teams gather each year to reimagine their strategies through the lens of Gartner’s research-driven insights and expert advice on leadership and learning, employee experience, culture and change, talent acquisition and workforce planning, and HR technology. Gartner HR Symposium/Xpo will be held October 7-9 in London, October 27-29 in Florida, and November 17-18 in Sydney. Follow news and updates from these events on LinkedIn using #GartnerHR.

About Gartner AI Use Case Insights

Gartner AI Use Case Insights is an interactive tool that helps technology and business leaders efficiently discover, evaluate, and prioritize AI use cases to potentially pursue. Clients can search over 500 use cases (applications of AI in specific industries) and over 380 case studies (real world examples) based on industry, business function, and Gartner’s assessment of potential business value. Clients can access the interactive tool at https://tools.gartner.com/use-case-insights.