Pilfering data has become endemic

(24/11/2009)

According to a survey carried out by Cyber-Ark amongst 600 office workers in Canary Wharf London and Wall Street New York, pilfering data has become endemic in our culture as 85% of people admit they know it’s illegal to download corporate information from their employer but almost half couldn’t stop themselves taking it with them with the majority admitting it could be useful in the future.

41% of workers have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job. The recession is clearly creating camaraderie amongst workforces, at the expense of their employers.

The survey entitled “the global recession and its effect on work ethics” found that almost half of the respondents 48% admit that if they were fired tomorrow they would take company information with them and 39% of people would download company / competitive information if they got wind that their job was at risk. Additionally a quarter of workers said that the recession has meant that they feel less loyal towards their employer.

However, it would seem employers have only themselves to blame as they appear pretty lackadaisical when it comes to protecting their data from their employees with 57% of respondents stating that it’s become a lot easier to take sensitive information from under their bosses noses this year, up from 29% last year.

It would seem that desperate times call for desperate measures as workers are also prepared to do almost anything to keep their jobs. In the UK just over a quarter of employees are prepared to work 80 hours a week to keep their jobs which is surprisingly higher than our US counterparts with just 12% in the US suggesting they would work that much harder to keep their job. Conversely, it’s interesting to note that 20% of UK workers are prepared to take a salary cut to keep their jobs compared with a staggering 50% of US workers.

Of those that plan to take competitive or sensitive corporate data, 64% will do so ‘just in case’ it were to prove useful or advantageous in the future, 27% would use it to negotiate their new position, while 20% plan to use it as a tool in their new job.

Top of the hit list is customer and contact details – 29%, then plans and proposals – 18%, with product information bringing up the rear – 11%. What is cause for alarm is the 13% of savvy pilferers who would take access and password codes as, with this information, they can still get into the network once they’ve left the company and continue downloading information and accessing whatever they want or need.

32% revealed that they would do their utmost to take a peek at the redundancy list to find out if their name was on it, choosing to bribe a mate in the HR department first - 43%, followed by using their own IT access rights to snoop around the network – 37%, and if this failed they would get a mate in the IT department to try and get the inside track – 30%!

Mark Fullbrook, UK Director of Cyber-Ark explains, “While we are seeing glimmers of hope in the UK and US economy, clearly employee confidence has been rocked. This survey shows that many workers are willing to do practically anything to ensure job security or make themselves more marketable – including committing a crime. While there is no excuse for employees who are willing to compromise their ethics to save their job, much of the responsibility for protecting sensitive proprietary data is the responsibility of the employer. Organisations must be willing to make improvements to how they monitor and control access to databases, networks and systems, even by those privileged users who have legitimate rights. Additional protection can be added with simple steps like frequently changing passwords and only granting access to certain information on-demand.”

The weapon of choice which people would use to download information onto remains a USB or memory stick, then printing it out onto paper, followed by emailing it to oneself comes a close third. The most astonishing statistic is that people in the UK are now less worried about their losing their jobs – 26% compared with 46% in 2008, or perhaps those that were worried are no longer employed to answer this year!

Summary of Findings
• 41% of workers admit they have taken company data with them to get their next job.
• 1 in 3 would download company data to help a friend or family get a job.
• Most use USB sticks to take information 41%, followed by paper, then emailing it to themselves.
• Quarter of workers in Canary Wharf would work 80 hours a week to keep their jobs compared with 12% in Wall Street New York.
• 20% of workers in Canary Wharf would take a salary cut to keep their jobs compared with 50% of their US counterparts.
• 39% of workers would take company data if they thought their jobs were at risk.
• When asked why they would take data, 64% said just in case it helped them in the future, 27% would use the information as a negotiating tool in interviews and 20% would use it in their new job.
• 57% say it’s easy to take sensitive data from their companies, last year only 29% admitted it was easy.
• Favourite information to steal is customer & contact details, followed by plans and proposals, then product information. 13% would take access & password codes as this would allow them access to information whenever they wanted it.
• Workers are far less worried about the security of their jobs compared with this time last year, with 26% admitting they are nervous about their jobs compared with 46% last year.
• 85% believe it is illegal to download company information.
• A quarter of workers feel less loyal towards their employers because of the recession.

Related topics:  Data management and data security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources