Two-thirds of UK employees don’t understand the value of business critical IP, and would not recognize that loss or theft of that data could damage their company, according to new research from Clearswift.
The stats come from wider research by the data loss prevention firm into the attitudes of 4,000 employees split evenly across the UK, US, Australia and Germany.
The figures were particularly concerning given that 44% of respondents claimed they have access to sensitive IP, while a third (35%) revealed they can access data “above their pay grade.”
What’s more, as per research conducted back in July, 35% said they’d sell that IP to a third party for the right price.
Given these figures, it’s perhaps not surprising that in a parallel study of 500 global security professionals also carried out by Clearswift, three-quarters (73%) said they thought their business would experience a serious data breach in the next 24 months.
A similar number (72%) claimed that insider risks aren’t taken as seriously by the board as external threats.
Clearswift SVP products, Guy Bunker, argued that a three-pronged approach is needed to reduce the risk of data loss: “people, process and technology.”
“Employee training and awareness is critical to begin with—what are the risks, what are the consequences of cyber-attacks? How to recognize attacks including things like phishing and what to do if they feel there is a problem,” he told Infosecurity by email.
“That brings us to policy. There is a need to ensure appropriate information security policies are in place. Today’s new working practices, including use of cloud collaboration sites and social media need to be taken into account in policies and in the process that enacts them.”
Finally, technology is needed to enforce policy and protect organizations from inadvertent data loss as well as malicious behavior, Bunker added.