Nearly three quarters (71 per cent) of IT leaders have said that the ‘Great Resignation’ has increased security risks in their organisations, according to a new survey of 2,000 employees in UK and US businesses, from Human layer security firm, Tessian. The data from Tessian also revealed that 45 per cent of IT leaders have already seen incidents of data exfiltration increase in the last year, as people took data when they left their jobs. In fact, one in three (29 per cent) employees admitted to having taken data with them when they quit.
Employees in marketing teams are most likely to take data with them when leaving their job, with 63 per cent of respondents in this department admitting to doing so. This was followed by HR (37 per cent) and IT teams (37 per cent).
When asked why they took the data when they left the company, the top reason – cited by 58 per cent of workers – was that the information would help them in their new job. 53 per cent said that because they worked on the document, they believed the information belonged to them, while 44 per cent said they took the data to share it with their new employer.
With 55 per cent of respondents revealing that they’re thinking about leaving their jobs in 2022, and with two in five (39 per cent) workers currently working their notice or actively looking for a new job in the next six months, the figures illustrate the pressure IT and security teams are under to keep company data safe during the Great Resignation.
Josh Yavor, chief information security officer at Tessian comments: “It’s a rather common occurrence for employees in certain roles and teams to take data when they quit their job. While some people do take documents with malicious intent, many don’t even realise that what they are doing is wrong. Organisations have a duty to clearly communicate expectations regarding data ownership, and we need to recognise where there might be a breakdown in communication which has led to a cultural acceptance of employees taking documents when they leave.
“The Great Resignation, and the sharp increase in employee turnover, has exposed an opportunity for security and business leaders to consider a more effective way of addressing insider risk,” Josh adds. “It comes down to building better security cultures, gaining greater visibility into data loss threats, and defining and communicating expectations around data sharing to employees – both company-wide and at departmental level. Being proactive in setting the right policies and expectations is a key step before investing in preventative controls.”