Cyber-Ark has published a new survey, based on interviews with 600 workers in Londons Canary Wharf and New Yorks Wall Street, entitled The global recession and its effect on work ethics. It reveals a widespread acceptance of the practice of stealing corporate data when leaving a company. How should we react to these results?
The survey reveals the state of mind of employees
The survey shows that there is a wide gulf between attitudes and the law. Of the 600 interviewees, 300 in each location, 41% admitted to having taken sensitive information to a new job and 33% were prepared to pass information to a friend or family member to help them get a job. Interviewees had considerable anxiety about their current job security, with widespread willingness to work long hours or take a pay cut to keep their job, although worry about redundancy has reduced in the last year. Sixty-four percent of those planning to steal information regarded this action as part of a contingency plan in case of redundancy, while the others planned to use the information more aggressively in bargaining with employers. Customer data topped the shopping list, but surprisingly only 29% of respondents took this information, while commercial plans, product information and user IDs and passwords were also taken. The latter items were taken to allow continued access to corporate systems after the person had left the organisation.
The results should be interpreted in context
The two locations chosen for this survey are hot spots for high-earning professionals in the financial services sector. Businesses in these areas are experiencing a very volatile business climate and their employees are noted for their ambition and materialism. A similar survey of the entire national workforce would be likely to show a less aggressive profile.
Governance needs to be overhauled
Surprisingly, 57 per cent of respondents said it is getting easier to steal information from their employer, probably as a result of new technology and of reduced supervision due to the recession. This shows that the increasing amount of regulation and compliance is failing to secure corporate data across the organisation.
The problem lies in business culture
Cyber-Arks argument, unsurprisingly, is that organisations should be doing more to protect their data. We concur with this suggestion, but enhanced technology is only one part of the solution and will not solve the problem alone.
The fundamental problem lies in business culture, where people are hired more for their contacts and for the information they bring with them than for their innate abilities. The problem of data theft would vanish if organisations refused to buy confidential information that rightly belongs to another organisation. The worlds organisations will never agree to forego these bad practices while current hiring practices remain, because temptation will always be too great. As long as there is a lucrative market for the commodity desperate people will supply the need, just as with any other form of stolen or illegal commodity such as drugs or endangered animals.
Sign up for Computerworld eNewsletters.