The 3 Security Responsibilities Every HR Leader Must Own

By Brandon Roberts
HR may not think of themselves as security leaders, but AI changes that.

Every day, HR leaders make decisions that impact security and risk. Most do not know it.

Decisions like who can access people data, how the offboarding process closes and who gets looped in when an internal investigation opens all open the door to risk. Most HR leaders and their teams make those decisions without the right frame. And as AI scales, the consequences compound fast. In fact, IBM’s Cost of a Data Breach Report found that 97% of organizations that experienced an AI-related breach lacked proper access controls.

The gaps show up at every stage. A resume sits in three AI models without access governance. An employee who left six weeks ago still has credentials active across every system an agent can reach. An insider threat investigation surfaces, and HR, which had the most important context, was not in the room.

3 Governance Responsibilities HR Must Own

Here is the tension I keep coming back to. Giving people access to more data enables richer AI experiences, but every access decision creates an exposure risk.

A manager who can ask a data agent for compensation bands across their team gets a more useful and specific answer. Without governance, that same query surfaces data about teams they have no business seeing, at scale, with no audit trail. Managing that line deliberately belongs to HR leadership — a role we haven’t played historically.

HR does not need to become a security team, but they do need to understand which governance responsibilities belong to them and own them deliberately.

1. Who Can Access Your People Data and Under What Circumstances

HR manages the most sensitive personally identifiable information in the enterprise: resumes, compensation history, home addresses, social security numbers, health and benefits data, background check results for current employees, former employees and candidates who never got hired. More of that data now feeds directly into AI models and gets surfaced by agents answering natural language questions in seconds.

The question I ask HR leaders: who can ask what, under what circumstances and how does that get enforced automatically as AI scales? IT can build the system, but HR has to decide what goes in it and who can reach it.

I recommend connecting people data and security governance in a single system, where access decisions are enforced automatically and every action is auditable. That is how you give AI more to work with without losing control of who sees what.

2. How Fast and How Completely You Close Access When Someone Leaves

The window between an employee’s last day and confirmed removal of their access to company networks, systems and data is one of the highest-risk moments in the enterprise. Most organizations have a process. Almost none have a confirmed, closed loop with a measurable SLA.

Here is what I see most often. An employee’s last day is Friday. HR closes the record. IT gets notified days later. With AI agents now executing actions across every platform, accessing databases, triggering workflows and touching every system in the organization, a former employee with lingering credentials is an AI governance failure.

HR owns the triggering event and must own the confirmed close. Submitted and verified, not assumed.

This is also one of the clearest examples of why cross-functional workflows matter. Employee offboarding requires HR, IT, Legal and Security working from a shared, trusted system. When those functions operate across disconnected systems with manual handoffs, the gaps compound. A unified workflow that every function can rely on is what makes both speed and accountability possible.

The fix is straightforward in principle. Connect the HR offboarding event directly to access termination. Automate it, make it auditable and measure the SLA. One system, one confirmed close, no assumptions about what happened downstream.

3. A Seat at the Table When an Insider Threat Happens

When an insider threat emerges, security teams respond and HR typically finds out after the fact. That sequencing is backwards.

Think about what security sees and what HR knows. Security detects anomalous access patterns. HR has context on a performance conversation from the week before, a manager conflict, an unexpected role change request. Right now, those two teams rarely connect in time to matter.

When both live in a shared system, the response changes completely. HR behavioral context and security signals become visible together in real time. That combination — signal plus story — is what turns a detection into an action.

HR leaders need to see themselves as critical, immediate stewards of AI and data security. The human context HR holds is what makes security intelligence actionable. This is a muscle HR must build before the threat emerges, not after.

This Is What Enables the AI Vision

I believe the HR leaders who realize their AI vision fastest will be the ones who took ownership early.

Getting there requires more than the right platform. HR, IT, Legal and Security each have a role at different points in this process. The work is in defining those roles clearly, so the handoffs are intentional rather than accidental. HR's responsibility extends beyond its own function. When HR models what governed, responsible AI use looks like in practice, it sets the standard for how the rest of the organization operates.

And they all connect back to the same fundamental tension. Feeding AI access to more data makes your models better, your experiences smarter and your people faster. Governing that access deliberately, with guardrails that scale automatically alongside it, is what separates organizations that move with confidence from those that accumulate exposure. The goal is to have the right rules and rails to enable amazing experiences securely. The ones treating security as an afterthought or reactive task will face compounding risk at the exact moment their AI ambitions are highest. This is a risk tolerance decision that must be deliberately managed and owned.

Right now, most organizations manage these three responsibilities across disconnected systems, with manual handoffs, inconsistent enforcement and no single view of risk. That is the gap AI exposes and the gap a unified platform closes.

Close it, and you move faster, take on less risk and build AI that employees and leaders can actually trust.

Security is the conversation that makes AI transformation possible. The platform that connects these workflows is what makes both possible at the same time.

About the Author
Brandon Roberts

Brandon Roberts is the group VP of people analytics and AI at ServiceNow, a business transformation company based in Santa Clara, California. Roberts has 20 years of experience in people analytics, AI/ML and workforce planning. He has spent his career building and leading teams in these spaces at ServiceNow, Pinterest and Qualcomm.

Main image: SasinParaksa | Adobe Stock