Most workers would steal company data if fired

22 Nov 2010

As many as 70pc of workers admit they have clear plans to take something with them when leaving their jobs – the most popular item is intellectual property.

According to a survey by data security firm Imperva, out of the 70pc of workers who would take something with them when leaving their jobs, 27pc say they’ll steal some form of intellectual property.

Some 17pc say they’ll steal customer records.

Around 50pc claimed to have personal ownership of the data – 59pc in the case that they were about to change jobs, and 53pc if they knew they were about to be dismissed.

“This survey refutes the conventional wisdom that insiders are corporate spies or revenge-seeking employees,” explained Imperva CTO Amichai Shulman.

“It seems most employees have no deliberate intention to cause the company any damage. Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they had rightful ownership to that data just by virtue of their corporate tenure.”

Ironically, 66pc of respondents would not deliberately take out employer’s data upon rumours of dismissal.

Lack of clear company policies

Some 79pc of the surveyed individuals responded that either their organisation does not have, or is unaware of, any policy to remove collected data from employees’ laptops upon their departure.

Most respondents (72pc) have admitted to taking out corporate data. This data is evenly distributed between customer records, HR records and marketing material.

More than half of the respondents claimed to have personal ownership of the data – 59pc in the case that they were about to change jobs, and 53pc if they knew they were about to be dismissed. Others considered it helpful in their next role (35pc when moving a workplace, 17pc under the knowledge of being terminated).

The vast majority (85pc) carry corporate data in their home computers or mobile devices. This data mostly consists of customer records (75pc) and intellectual property (27pc).

The survey shows that employees tend to extract information which is beyond their need to know and enterprises have practically no controls in place to prevent excessive privilege access:

  • 54pc of the respondents have accessed data outside their explicit role permissions. Customer records consisted of 50pc of individuals’ interest, while 54pc accessed files outside of their normal business privilege.
  • 73pc of survey takers replied that existing access control mechanisms around this data are easy to bypass.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com