- Around half have access to company IP or other information they deem above their pay grade
- Research reveals value of company information is poorly understood across the board
Theale, UK, 5 November 2015 - Clearswift, a global cyber security innovator and data loss prevention specialist, today detailed that based on its research only 39% of UK employees recognise that intellectual property (IP) could damage their company if leaked. This laissez faire attitude is particularly worrying, given many employees have both access and a relatively high propensity to lose or give away data.
44% of respondents say they have access to such sensitive IP, with 35% also saying they have access to organisation’ information that is above their pay grade.
Clearswift research also shows 35% of employees would sell IP for the right price, with 3% saying they’d consider £100, 18% at £1,000 and 29% at £10,000. Meanwhile, 12% of employees had lost or misplaced a company device containing sensitive corporate data.
The research was carried out amongst 4,000 employees split evenly across the UK, USA, Germany and Australia.
Heath Davies, CEO at Clearswift says: “The value of a company’s IP is frequently misunderstood. First off, IP comes in many guises and it’s essential for organisations to recognise ‘what’ their IP is; where it exists and who has access to it. IP is often a company’s most prized possession, if it were to fall into a competitor’s hands, or even unauthorised hands, it could cause immense financial damage to a company, or as in the case of the recent attempted US naval espionage charge, potentially result in dire effects. It is incredible that so many survey respondents say they have access to such information, yet so few seem to realise its value”.
The potential for different data forms to cause damage was widely underappreciated by UK employees. Only 53% thought financial data such as accounts would cause considerable damage to their company if leaked or somehow compromised. Customer data, e.g. contact details, came in at 50%, information on employee salaries and medical records at 45% and payment and credit card details at 39%.
A parallel Clearswift study of 500 security professionals supports these concerns: 73% believe their business will experience a serious information breach in the next 24 months, resulting from employee behavior. Despite this, 72% believe internal security threats are not treated with the same importance as external threats by the Board, and 14% say internal threats won’t be taken seriously enough until their organisation experiences a serious internal data breach.
Davies says: “All this paints a picture of a sizeable number of organisations which do not understand the value of their critical information and the risks posed, should this not be adequately protected. There is clear evidence that around half of companies do not control access to sensitive data and do not put in place proper training or proactive safeguards to prevent that data leaking.”
"The research suggests, and our experience shows, that many employees don’t appreciate the relative values of their data, but perhaps more worryingly how the Boards and Leaders of these organisations are underestimating the ramifications of not securing their critical information.”
"Most employees are not acting maliciously but their carelessness can be just as damaging. Companies need to wake up to the fact employees have the potential to cause the company huge damage through their actions, and ensure that training, policies and technology are in place to minimise that risk. Those sitting on the Board need to sit up and pay attention (only recently, Aviva sacks employee for malicious data breach); critical information needs to be governed at the highest levels or it could jeopardise the future of a company."
- Are Finance and HR professionals a security accident waiting to happen?
- Quarter of employees would sell company patents and credit card details for price of a trip to the Bahamas
Notes to editors
This data was taken from research conducted by technology research firm Loudhouse on behalf of Clearswift. Over 500 IT Decision makers and 4000 employees were polled to gauge the level of threat from insiders.
Clearswift’s content-aware, policy based solutions enables defense, government, healthcare and financial services organizations across the globe to manage and maintain no-compromise data, email, cloud and web security.
MRB Public Relations
+1 732 758 1100
+44 118 334 0220