Third of Employees Admit to Exfiltrating Data When Leaving Their Job
Nearly one-third (29%) of employees admitted taking data with them when they leave their job, according to new research from Tessian.
The findings follow the ‘great resignation’ of 2021, when workers quit their jobs in huge waves following the COVID-19 pandemic. Unsurprisingly, close to three-quarters (71%) of IT leaders believe this trend has increased security risks in their organizations.
In addition, nearly half (45%) of IT leaders said they had seen incidents of data exfiltration increase in the past year due to staff taking data with them when they left.
The survey of 2000 UK workers also looked at employees’ motives for taking such information. The most common reason was that the data would help them in their new job (58%). This was followed by the belief that the information belonged to them because they worked on the document (53%) and to share it with their new employer (44%).
The employees most likely to take data with them when leaving their job worked in marketing (63%), HR (37%) and IT (37%).
The research also found that 55% of workers are considering leaving their jobs in 2022, while two in five (39%) are currently working their notice or actively looking for a new job in the next six months, meaning organizations remain at high risk of data exfiltration.
Josh Yavor, chief information security officer at Tessian, commented: “It’s a rather common occurrence for employees in certain roles and teams to take data when they quit their job. While some people do take documents with malicious intent, many don’t even realize that what they are doing is wrong. Organizations have a duty to clearly communicate expectations regarding data ownership, and we need to recognize where there might be a breakdown in communication which has led to a cultural acceptance of employees taking documents when they leave.
“The great resignation, and the sharp increase in employee turnover, has exposed an opportunity for security and business leaders to consider a more effective way of addressing insider risk. It comes down to building better security cultures, gaining greater visibility into data loss threats and defining and communicating expectations around data sharing to employees – both company-wide and at departmental level. Being proactive in setting the right policies and expectations is a key step before investing in preventative controls.”
A study last year found that over three-quarters (78%) of insider data breaches involved unintentional data exposure or loss rather than any malice.
More Stories
Microsoft Promises to Keep European Cloud Data in Europe
Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe Read More
Brits Lose £106m to Romance Fraud in a Year
New City of London Police data reveals British men and women lost over £100m to romance fraudsters in 2024 Read...
What Is Cyber Risk
Did you know that it is estimated that 45% of organizations worldwide will have suffered attacks on their software supply...
Threat Actors Target Victims with HijackLoader and DeerStealer
Cyber-attacks using HijackLoader and DeerStealer have been identified exploiting phishing tactics via ClickFix Read More
Archetyp Market Shut Down in Europe-wide Law Enforcement Operation
Operation DEEP Sentinel has shut down Archetyp Market, the longest-running dark web drug marketplace Read More
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus
Nessus users should update patches as soon as possible Read More