71% of IT leaders have said that the ‘Great Resignation’ has increased security risks in their organizations, according to a survey of 2,000 employees in UK and US businesses, from Tessian.
Data also revealed that 45% of IT leaders have already seen incidents of data exfiltration increase in the last year, as people took data when they left their jobs. In fact, 29% employees admitted to having taken data with them when they quit.
Employees in marketing teams are most likely to take data with them when leaving their job, with 63% of respondents in this department admitting to doing so. This was followed by HR (37%) and IT teams (37%).
When asked why they took the data when they left the company, the top reason – cited by 58% of workers – was that the information would help them in their new job. 53% said that because they worked on the document, they believed the information belonged to them, while 44% said they took the data to share it with their new employer.
Security risks brought by the Great Resignation
With 55% of respondents revealing that they’re thinking about leaving their jobs in 2022, and with 39% of workers currently working their notice or actively looking for a new job in the next six months, the figures illustrate the pressure IT and security teams are under to keep company data safe during the Great Resignation.
Josh Yavor, CISO at Tessian comments: “It’s a rather common occurrence for employees in certain roles and teams to take data when they quit their job. While some people do take documents with malicious intent, many don’t even realise that what they are doing is wrong. Organizations have a duty to clearly communicate expectations regarding data ownership, and we need to recognise where there might be a breakdown in communication which has led to a cultural acceptance of employees taking documents when they leave.
“The Great Resignation, and the sharp increase in employee turnover, has exposed an opportunity for security and business leaders to consider a more effective way of addressing insider risk. It comes down to building better security cultures, gaining greater visibility into data loss threats, and defining and communicating expectations around data sharing to employees – both company-wide and at departmental level. Being proactive in setting the right policies and expectations is a key step before investing in preventative controls.”