Over half of employees don’t understand weight of critical company information loss
- Around half have access to company IP or other information they deem above their pay grade
- Research reveals value of company information is poorly understood across the board
This laissez faire attitude is particularly worrying, given many employees have both access and a relatively high propensity to lose or give away data.
44 percent of respondents say they have access to such sensitive IP, with 35 percent also saying they have access to organisation’ information that is above their pay grade.
Clearswift research also shows 35 percent of employees would sell IP for the right price, with 3 percent saying they’d consider £100, 18 percent at £1,000 and 29 percent at £10,000. Meanwhile, 12 percent of employees had lost or misplaced a company device containing sensitive corporate data.
The research was carried out amongst 4,000 employees split evenly across the UK, USA, Germany and Australia.
Heath Davies, CEO at Clearswift says:
“The value of a company’s IP is frequently misunderstood. First off, IP comes in many guises and it’s essential for organisations to recognise ‘what’ their IP is; where it exists and who has access to it. IP is often a company’s most prized possession, if it were to fall into a competitor’s hands, or even unauthorised hands, it could cause immense financial damage to a company, or as in the case of the recent attempted US naval espionage charge, potentially result in dire effects. It is incredible that so many survey respondents say they have access to such information, yet so few seem to realise its value”.
The potential for different data forms to cause damage was widely under appreciated by UK employees. Only 53 percent thought financial data such as accounts would cause considerable damage to their company if leaked or somehow compromised. Customer data, e.g. contact details, came in at 50 percent, information on employee salaries and medical records at 45 percent and payment and credit card details at 39 percent.
A parallel Clearswift study of 500 security professionals supports these concerns: 73 percent believe their business will experience a serious information breach in the next 24 months, resulting from employee behaviour. Despite this, 72 percent believe internal security threats are not treated with the same importance as external threats by the Board, and 14 percent say internal threats won’t be taken seriously enough until their organisation experiences a serious internal data breach.
“All this paints a picture of a sizeable number of organisations which do not understand the value of their critical information and the risks posed, should this not be adequately protected. There is clear evidence that around half of companies do not control access to sensitive data and do not put in place proper training or proactive safeguards to prevent that data leaking.”
“The research suggests, and our experience shows, that many employees don’t appreciate the relative values of their data, but perhaps more worryingly how the Boards and Leaders of these organisations are underestimating the ramifications of not securing their critical information.”
“Most employees are not acting maliciously but their carelessness can be just as damaging. Companies need to wake up to the fact employees have the potential to cause the company huge damage through their actions, and ensure that training, policies and technology are in place to minimise that risk. Those sitting on the Board need to sit up and pay attention (only recently, Aviva sacks employee for malicious data breach); critical information needs to be governed at the highest levels or it could jeopardise the future of a company.”