Well I guess that’s an improvement vs Monday’s article – based upon a survey conducted by Fujitsu – that concluded the answer was ‘not a lot‘.
Research from Clearswift, published today, puts an altogether different, much rounder, but still undoubtedly disappointing figure on the value of corporate data, as perceived by a number of employees.
In a poll encompassing more than 500 internet technology decision makers and 4,000 employees across Australia, Europe and the US, Clearswift discovered that a quarter of employees would risk their jobs and jail time if someone offered them $8,000 (about £5k) or more in return for company secrets.
If that doesn’t sound good, get this: three percent of those surveyed said they’d give up corporate data for as little as $155 (less than £100).
Just over a third (35%) were open to the possibility of bribery but put a much higher price on their cooperation: $77,500.
Fortunately, the survey did discover that 65% of its sample list were apparently honest, saying they wouldn’t give up company data at any price. Wahay!
Clearswift’s Chief Executive Officer, Heath Davies, had this to say:
While people are generally taking security more seriously there is still a significant group of people who are willing to profit from selling something that doesn’t belong to them.
This information can be worth millions of dollars.
A case in point of the true value of data is the recent Ashley Madison hack, where user data was accessed by a member of their extended enterprise (part of their technical services team) according to the site’s CEO; the effects of which have been monumental. The site announced earlier this year that it hoped to raise $200 million in an initial public offering this year and it may have lost out on this opportunity reducing the value of its entire business. This attack has also had a ripple effect on its sister sites. It is important for companies to understand the risk and address it appropriately – this research can help them do that.
One of the key problems, Clearswift says, is the ease with which potentially unscrupulous employees can get their grubby little mits on valuable data in the first place – 61% of the respondents said they had access to private customer data, 51% could access financial data, and 49% had access to sensitive product information and other critical business data.
Perhaps such figures should prompt some hard thinking among the organisations represented within the survey, huh?
Much like the findings I wrote about on Monday, the gist of Clearswift’s survey surrounds attitudes toward data and security – only 29% of employees felt that company data was their responsibility and 22% were quite adamant that it wasn’t something they should concern themselves about at all, prompting Davies to say:
It is not good business to live in fear of your employees, especially since most can be trusted.
Getting the balance right has always been hard. But truly understanding where the problems come from, combined with advances in technology which can adapt to respond differently to different threats, really changes the game here.
I personally agree that most employees can be trusted (sure, many are opportunist stealers of pens and staples, but not data, at least not in my opinion), but I also believe that trust is largely irrelevant in this situation, the issue lies somewhere else – in security awareness and training.
So the question is, what are you doing to ensure that your staff do place a high value on your corporate data? Are you involving them in the business enough and giving them some education and direction, or are you continuing to grant access to too much data to too many people who aren’t really bothered about keeping it to themselves?