In response to the survey, 49% of US workers and 52% of British workers admitted they would take some form of company property with them when leaving a position: 29% (US) and 23% (UK) would take customer data, including contact information; 23% (US) and 22% (UK) would take electronic files; 15% (US) and 17% (UK) would take product information, including designs and plans; and 13% (US) and 22% (UK) would take small office supplies. Interestingly, employees don't perceive the recent recession as greatly influencing propensity to steal: 45% of the US and 48% of the UK respondents felt that a coworker's tendency to steal from an employer has not been influenced by the recession.
"Companies should be gravely concerned with these survey responses," said Jackie Gilbert, vice president of marketing and cofounder at SailPoint. "I believe the survey illustrates that many employees may not believe that taking company data is equivalent to stealing. It highlights what I call a 'moral grey area' around ownership of electronic data. We see this in the fact that there are more workers who are comfortable taking various forms of company data, such as customer contact information, than workers who would take a stapler. As frequently as employees move to competitive companies, these attitudes are major red flags for employers."
The Market Pulse Survey also asked workers what they would do if they were inadvertently granted access to a confidential file (such as one containing salary information, personal data, or plans for a pending merger). 45% of US and 57% of UK respondents said they would look at the file, while 36% (US) and 27% (UK) said they would not look but would alert a manager to the mistake. Very few workers (1% in the UK and less than 0.5% in the US) stated that they would attempt to sell confidential data found in improperly secured files, although 2% (US) and 3% (UK) said they would look and tell others about the information they saw.
"The survey highlights an ongoing challenge that companies face: how to balance business risk with the need to give employees access to sensitive applications and data in order to perform their jobs," said Gilbert. "As a starting point, companies need to clearly define policies in this area and educate workers about treatment of confidential data. Step two is to strictly limit and control what applications and data are accessible and to put automated systems in place to promptly remove access when an employee transfers roles or leaves the company. As a step three, companies should conduct quarterly access reviews to ensure that employees truly need the access privileges they have – especially for highly sensitive systems. Companies may also need to monitor the activity of employees who access highly confidential data in order to prevent incidences of fraud or data breaches."
Harris Interactive Survey Methodology
SailPoint's Market Pulse Survey was conducted online by Harris Interactive among a total of 3,517 adults (2,542 age 18+ in the United States from June 24 to 28, 2010 and 1,065 age 16-64 in Great Britain from June 29 to July 5, 2010). Among these, 1,594 employees with access to their employer's/client's IT systems participated in the survey:
* Unweighted bases for the survey are: Total (3,517); US (2,452); US Employed With Access To Employer's/Client's Computer Systems (1,006); Great Britain (1,065); GB Employed With Access To Employer's/Client's Computer Systems (588).
* Weighted bases for the survey are: Total (3,517); US (2,542); US Employed With Access To Employer's/Client's Computer Systems (1,000); Great Britain (1,065); GB Employed With Access To Employer's/Client's Computer Systems (548).
Figures for age, sex, education, region and Internet usage were weighted where necessary to bring them into line with their actual proportions in the population. The online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. The complete survey methodology, including weighting variables, is available upon request.
SailPoint, a leader in identity management, helps the world's largest organizations to mitigate risk, reduce IT costs and ensure compliance. The company's award-winning software, SailPoint IdentityIQ™, provides superior visibility into and control over user access to sensitive applications and data while streamlining the access request and delivery process. As the industry's first business-oriented identity governance suite, IdentityIQ quickly delivers tangible results with risk-aware compliance management, closed-loop user lifecycle management, flexible provisioning, an integrated governance model, and identity intelligence. Visit www.sailpoint.com to learn more.