Nearly half of Brits willing to breach company data security

Nearly half of UK employees polled in a recent study said that they would abuse sensitive corporate and customer data if given the chance.

The study, commissioned by data security firm SailPoint, found that UK workers are far more willing than their counterparts in the US and Australia to admit to taking records, snooping on salary and performance reports and forwarding files to outside sources.

The poll of 3,484 full-time, part-time and contract workers across the three countries found that 23.67 per cent of Brits would be willing to sell proprietary data on the internet.

By comparison, just 5.32 per cent of Americans and 4.21 per cent of Australians surveyed would be willing to perform the same activity.

Some 29 per cent of UK respondents would look at employee salary information, while 28.98 per cent would check on performance reviews. Overall, just 51.97 per cent of respondents would only perform tasks that their company allows.

SailPoint co-founder and vice president of marketing Jackie Gilbert told V3 that the significantly higher numbers in Britain could have been influenced by a number of factors, such as a willingness to honestly answer the questions or poor morale.

"What makes this a threat is really influenced by the erosion of company loyalty," she said. "Clearly, employee loyalty and hard times economically could cause the kind of answers you are seeing."

One trend that Gilbert noted worldwide is an ignorance of data protection and privacy laws. Activities such as copying data when leaving a company remain something of an ethical grey area for many employees, she said.

To help remove any doubt, Gilbert urged companies to make it explicitly clear to employees that abusing company data is illegal and will result in prompt action.

Even with stronger policies in place to restrict data access, however, enterprises risk data breaches from internal sources. Gilbert warned that staff can fall through the cracks and end up with access to sensitive information.

"Most companies are only giving access in order for people to perform their job," she said.

"But in a large company with thousands of employees and hundreds of applications, it's a very difficult administrative task to manage who has access to what."