In our recent Zellis webinar, How to protect payroll continuity, whatever happens, we looked at a topic that often only gets attention when something goes wrong: keeping payroll running under pressure.
Across the session, our experts focused on where payroll is most exposed today, what tends to go wrong in practice, and the simple steps that help teams stay in control.
Here are six key takeaways from the webinar.
1. Payroll is becoming more exposed
As Neville Cotton, Group Risk & Compliance Integration Director at Zellis outlined, three things have shifted at once.
Threats have got sharper, with attackers increasingly targeting payroll because it brings together sensitive data and payment deadlines. Rules have tightened, with regulators and auditors expecting more than they did even a few years ago. And teams are operating with less margin, with fewer people and less capacity to absorb disruption.
Together, these changes mean payroll is more exposed than it has been in the past.
2. When things go wrong, the causes are usually familiar
The webinar shared three real examples: a retailer compromised through stolen credentials, a payroll team impacted by the sudden absence of a key individual, and a utilities organisation affected by a system outage that led to underpayment.
Different situations, but the same outcome: payroll at risk.
Across these examples, issues consistently fall into three areas:
- Security
- Compliance
- Operational resilience
3. Security risks are preventable with the right preparation
As Russ Fray, Chief Information Security Officer at Zellis explained, most attacks are not complex. In many cases, attackers simply log in using valid credentials.
Four common routes were highlighted:
- Stolen credentials
- Phishing
- Third-party compromise
- Internal error or misuse
The controls that make the biggest difference are also well established:
- Phishing-resistant multi-factor authentication
- Clear, regularly reviewed access controls
- Separation between systems
- Tested, immutable backups
- A runbook that the team knows how to use
The emphasis throughout was on preparation.
4. Compliance comes down to clear, consistent evidence
On the compliance side, the focus was on what organisations can show, not just what they intend to do.
Expectations are increasing across areas including HMRC penalties, data subject access requests, reporting obligations, and audit trail requirements. In response, the focus is on a steady, consistent routine rather than a once-a-year effort.
One habit stood out in particular: capturing the reason behind every change at the moment it happens, with a clear record of who approved it and why. That single step helps build a reliable evidence trail over time.
5. Practical steps make a measurable difference
The session closed with a set of straightforward actions teams can take over the next few months:
- Map key dependencies
- Review access controls, including MFA
- Document critical processes
- Test continuity plans in practice
- Use diagnostic tools to identify gaps
None of these steps are complex, but they quickly highlight where attention is needed.
6. Operational resilience depends on people and capacity
Charlotte Claridge, Zellis’s Head of Payroll Assistance, highlighted that many continuity risks sit outside of technology.
Common challenges include single points of failure, loss of system access at critical points in the pay cycle, reconciliation being deferred, and teams operating at full capacity.
When these situations arise, the difference is whether there is a clear, tested approach in place and the support to keep payroll moving.
Find out more
This overview captures some of the key points from the session, but the full webinar goes into greater depth, including practical examples and audience questions.
You can watch the session on demand to explore the discussion in full by clicking here.
