Most Employees Would Pilfer Company Secrets

The majority of employees plan to steal confidential data when leaving their job, with intellectual property and customer records topping the list.

The survey of 1,026 Londoners carried out by data security firm Imperva revealed that insiders pose the greatest threat to corporate security.

Seventy percent of respondents plan to take some information with them upon leaving their job. The most sought-after data is intellecual property, followed by customer records.

However, more than half of those surveyed claimed to have personal ownership of the data – 59 percent when they were about to change jobs, and 53 percent when they knew they were about to be fired.

Others said they thought it might come in useful at their next job.

A Lack of Data Protection

Nearly four fifths of the people surveyed said the main cause of data leakage is the lack of data protection policies within UK companies.

According to Imperva, corporate data is equally distributed between customer records, HR records and marketing material.

However, most organisations do not have a policy to remove any stored data from their laptops upon departure. Many are unaware of this threat.

“This survey refutes the conventional wisdom that insiders are corporate spies or revenge-seeking employees,” explained Imperva CTO Amichai Shulman. “It seems most employees have no deliberate intention to cause the company any damage. Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they had rightful ownership to that data just by virtue of their corporate tenure.”

Despite this, 79 percent of respondents claimed the lack of information control makes it easy to store any data in their home computers or mobile devices without being detected.

Meanwhile, the survey also reveals many employees seek to obtain information which they do not necessarily need.

Fifty four percent of survey takers have accessed files outside their explicit role permissions, while 73 percent managed to bypass the access control mechanisms employed by their companies.