More than half (51%) of knowledge workers believe the risk to corporate data from departing employees is being underestimated and bigger than organisations think, while (87%) report their former employer has never approached them to verify they hadn’t taken data when they’ve left a job.
That’s according to Code42’s new Data Exposure Report, which concludes workers believe their employers aren’t protecting themselves against the departing employee insider threat and that data theft is posing a real danger to both former and new employers.
Other key findings from Code42’s new Data Exposure Report on insider threat include:
- Three-fourths (75%) of respondents say that their new employer did not ask them if they had brought data from their previous employer
- One-third (32%) of respondents who had infiltrated data were encouraged by their new employers to share it with new colleagues
- The most common forms of data taken from a previous to a new employer are examples of one’s work (38%), followed by colleagues work and financial records (both 19%)
- 17% also took customer lists or records, just over one in ten knowledge workers (14%) also took customer’s data — which could lead to a serious violation of GDPR
- Two-thirds (63%) of respondents who said they have taken data are repeat offenders
- Staff have the ability to access and therefore exfiltrate: data they didn’t create (73%), data they didn’t contribute to (69%), and 59% can see data from other departments
Code42 surveyed nearly 5,000 knowledge workers at companies with more than 1,000 employees in the U.S., U.K. and Germany.
“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42’s president and CEO. “Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organization is busy sharing.”