- Security TWENTY Home
- Women in Security Awards
A good third, 35 per cent of employees would sell information on company patents, financial records and customer credit card details if the price was right, it is claimed. New research by Clearswift among 4,000 employees in the UK, Germany, USA and Australia, found that for £5,000 – the price of a family Caribbean holiday or less than three months of the average UK monthly wage – 25 per cent would sell such data and risk both their job and criminal convictions.
Some 3 per cent of employees would sell private information for as little as £100, rising to 18 per cent who would accept an offer of £1,000. The number of employees open to bribes increases to 35 per cent as the offer reaches £50,000. Such information can prove very valuable to competitors and criminals, and employee bribery can be an easy way in, as security systems become more sophisticated, according to the firm.
Some companies and even governments have long targeted patents and other intellectual property which can give them an edge, whilst competitors can benefit from information, such as when contracts are coming to an end. Criminals can use private information to steal money or bribe senior employees, the firm adds.
Heath Davies, Chief Executive at Clearswift, says: “Whilst people are generally taking security more seriously – 65 per cent of employees said they wouldn’t sell data for any price – there is still a significant group of people who are willing to profit from selling something that doesn’t belong to them. This information can be worth millions of pounds. A case in point of the true value of data is the recent Ashley Madison hack, where user data has been accessed by a member of their extended enterprise (part of their technical services) according to the site’s CEO; the effects of which have been monumental. The site announced earlier this year that it hoped to raise £130 million in an initial public offering in London this year and it may have lost out on this opportunity reducing the value of its entire business. The attack may have burned a hole in its prospects and has already had a ripple effect on its sister sites Cougar Life and Established Men. As such it is important for companies to understand the risk and address it appropriately – this research can help them do that.”
The opportunity to sell valuable information is exacerbated by the ready access most employees have to it. Some six in ten, 61 per cent of respondents said they had access to private customer data, 51 per cent, to financial data such as company accounts or shareholder information, and 49 per cent to sensitive product information such as planned launches and patents. Attitudes to data security were mixed, with only 29 per cent saying that company data was their personal responsibility, and 22 per cent saying they didn’t feel it was their responsibility at all.
A corresponding Clearswift survey of 504 information security professionals found 62 per cent think employees don’t care enough about the implications of a security breach to change their behaviour.
Davies adds: “It is not good business to live in fear of your employees, especially as most can be trusted. Getting the balance right has always been hard. But truly understanding where the problems come from, combined with advances in technology which can adapt to respond differently to different threats, really changes the game here. Organisations need to find ways to control where sensitive data is stored and put safeguards in place which prevent it from leaving the company network. Many Companies do this but a lot of large companies with very valuable data do not.”
The data was taken from research by technology research firm Loudhouse on behalf of Clearswift. Over 500 IT Decision makers and 4000 employees were polled.