Businesses have a one-in-three chance of losing IP when an employee quits

Employee leaving

There is 37 percent chance of a company losing IP when an employee quits, according to a new report from insider risk management company Code42.

Hot on the heels of yesterday’s report about malicious insiders, the study, carried out by Vanson Bourne, finds that cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.

There are three trends driving this; the continued adoption of cloud technologies and a lack of visibility into them. The impact of the Great Resignation and departing employees’ theft of IP and sensitive data. And an ongoing misunderstanding and poor communication between stakeholders at the board, security leadership and security practitioner levels.

Protecting corporate data from insider risks is a challenge for 96 percent of businesses surveyed. Only 21 percent of companies’ cybersecurity budgets have a dedicated component to mitigate insider risk, and 91 percent of senior cybersecurity leaders still believe that their companies’ board requires better understanding of the threat.

“With employee turnover and the shift to remote and collaborative work, security teams are struggling to protect IP, source code and customer information. This research highlights that the challenge is even more acute when a third of employees who quit take IP with them when they leave. On top of that, three-quarters of security teams admit that they don’t know what data is leaving when employees depart their organizations,” says Joe Payne, Code42’s president and CEO. “Companies must fundamentally shift to a modern data protection approach — Insider Risk Management (IRM) — that aligns with today’s cloud-based, hybrid-remote work environment and can protect the data that fuels their innovation, market differentiation and growth.”

When staff leave 71 percent of firms don’t know what and/or how much sensitive data departing employees take to other companies. That same proportion (71 percent) are concerned about sensitive data being stored outside of corporate storage where security teams lack visibility.

Hybrid and remote work are a problem too with 55 percent of respondents concerned about employees becoming lax in their cybersecurity practices when away from the office. The number is higher, 70 percent, for those in the public sector. 96 percent of respondents say they need to improve cybersecurity training.

You can read more in the full report which is available from the Code42 site.

Image credit: ijeab/

Author: Martha Meyer