Just in time for Catalyst, we announced our latest Market Pulse Survey, which focused on employee compliance with corporate policies around proprietary data. Our intent was to identify insider behaviors or attitudes that place enterprises at risk. And while I was expecting the survey to reinforce the need for identity governance, I was more than a bit surprised by some of the results.
Working with Harris Interactive, we polled 3,484 employees across the United States, Great Britain and Australia. A significant number of respondents openly admitted they would abuse proprietary and sensitive information. I want to share some of the survey’s results with you, as well as the primary takeaway from each.
First, 22% of US, 29% of Australian and 48% of British employees openly admitted they would misuse data they have been granted access to (either intentionally or mistakenly). This includes:
- 9% of US, 8% of Australian and 24% of British employees would take the data themselves when leaving a job; and
- 10% of US, 12% of Australians and 27% of British employees would forward to someone else, like a former colleague.
I wrote last year about the “moral gray area” around theft of company data. Many employees may believe they own – or at least share ownership – of corporate data they have been working on. Clearly, the survey highlights the need for companies to have corporate policies in place to educate employees about what is and is not allowed, and to have IT controls in place to enforce them. A company may be comfortable with employees taking samples of their portfolio of work with them, but taking customer data or product designs is clearly not allowable.
The most shocking survey finding was that 24% of Britons openly admitted they would sell proprietary data online if they could, compared to 5% of Americans and 4% of Australian. This willingness to profit from access to proprietary data is quite alarming. We got an interesting take on this finding from journalist Jared Wade of Risk Management: “I’m not sure whether U.K. employees are more devious or just more honest, but even the lower totals in the United States and Australia show the enormity of the risk. That’s just a ton of people who have no qualms about leaking — if not outright thieving — data.”
Bottom line: we as organizations need to be vigilant about managing the risk of insider sabotage or fraud. It’s critical to educate employees on corporate data policies and to institute preventive and detective controls to help safeguard data. As the survey shows, the insider threat remains very real, but that risk can be mitigated with identity governance solutions like SailPoint IdentityIQ. Identity governance provides a centralized view into an organization’s identity data and helps to limit and control employee access to sensitive data and applications.
After reading through the Market Pulse Survey results, how do you think your employees would respond?