Your Employees Are Your Biggest Security Risk

Your employees are your biggest security asset. And your biggest risk.

The next breach probably won't come from a sophisticated hacking group. It'll come from a disgruntled employee with too much access. Or a contractor who never got properly offboarded. Or a new hire nobody bothered to background check.

We just launched HR Security Assessments on RateYourCyber.

This isn't another compliance checkbox. It's a proper look at how your people practices stack up against industry standards.

What It Covers

Pre-Employment Security

Are you actually vetting people before they join? Background screening, reference verification, identity checks. Most companies do the bare minimum here and hope for the best. The assessment looks at whether your screening processes match the sensitivity of the roles you're filling.

Employment Agreements

NDAs, security clauses, acceptable use policies, IP agreements. Having these documents exist is one thing. Having them properly tailored to different roles and actually enforced is another. We assess whether your contractual security obligations would hold up when it matters.

Access Management

Who has keys to what, and why? This covers how you provision access when people join, how you handle role changes, whether you actually review who has access to sensitive systems, and how you manage privileged accounts. Most organisations are shocked when they see how much unnecessary access has accumulated.

Security Training

Beyond watching a 20-minute video once a year. We look at your security awareness programme, phishing simulations, role-specific training, and how you onboard new hires from a security perspective. More importantly, whether any of it actually changes behaviour.

Offboarding

Do ex-employees still have access? Be honest. The assessment covers how quickly you revoke access when people leave, whether you have a proper asset return process, exit interview security components, and knowledge transfer controls. This is where most organisations have the biggest gaps.

Insider Threat

The uncomfortable conversation nobody wants to have. Security violation policies, insider threat detection programmes, incident reporting culture. Not about creating a surveillance state, but about having reasonable controls that balance security with trust.

Assessment results with industry benchmarking across all six HR security domains

What You Get

Real scores. Industry benchmarks. Specific gaps you can act on.

The results show you exactly where your people security is solid and where it's not. Each domain gets scored against what similar organisations in your industry are doing. You see the gap analysis immediately.

Why This Matters Now

Insider threats account for a significant portion of security incidents. And they're getting more expensive. The average cost of an insider-related incident keeps climbing year over year.

Regulators are paying attention too. Whether it's data protection authorities looking at how you handle employee data, or industry regulators checking your personnel security controls, the scrutiny on HR security is increasing.

And your cyber insurance? They're asking about these things during underwriting. Background checks, access reviews, offboarding procedures. If you can't demonstrate systematic HR security practices, expect harder questions or higher premiums.

Who Needs This

• Growing companies adding staff quickly without mature HR security processes
• Organisations with contractors who need to ensure third-party workers get the same security treatment as employees
• Regulated industries where personnel security is explicitly required
• Anyone with high staff turnover where offboarding risks multiply
• Companies handling sensitive data where insider access is a material risk

The Bottom Line

Your perimeter security might be solid. Your technical controls might be excellent. But if your people practices have gaps, that's where the problems will come from.

Find out where you actually stand.