Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.
The Great Resignation of 2021 continues well into 2022, with record high numbers of people quitting their jobs and seeking opportunities for better positions, better pay, better work/life balance and even exploring a career in a completely new industry.
According to our latest survey of 2,000 employees in UK and US businesses, 55% are considering leaving their current employer this year, with two in five (39%) workers currently working their notice or actively looking for a new job in the next six months.
HR departments are under pressure to retain employees and replace the talent they lost. But they’re not the only team feeling the strain.
Our survey also revealed that 71% of IT decision makers in US and UK organizations told us the Great Resignation has increased security risks in their company. What’s more, 45% of IT leaders say incidents of data exfiltration have increased in the last year, as people took data when they left their jobs.
They’re not wrong. One in three (29%) UK and US employees admitted to having taken data with them when they quit. The figures were much higher in the US, with two fifths of US employees (40%) saying they’d taken data with them when they left their job.
We see noticeable differences in behaviors across various departments. Employees in marketing were the most likely to data with them when they leave, with a staggering 63% of respondents in this department admitting to doing so. Employees in HR (37%) and IT (37%) followed.
Interestingly, rates of data exfiltration are much lower in highly regulated functions like accounting and finance, operations and legal. With employees in these departments having to comply with strict data regulations on a daily basis, the findings suggest that this impacts their data sharing behaviors and the security cultures in these departments. Just 16% of workers in operations and 22% in accounting and finance say they have taken data with them when they’ve left a job.
The majority of employees are not taking data for malicious purposes. The most common reason for taking data, cited by 58% of respondents, was because the information would help them in their new job. In addition, 53% believe that because they worked on the document, it belongs to them.
A significant percentage of employees (44%) said they took the information to share with their new employer, while 40% said they intended to make money from the information.
With 70% of US employees and 40% of UK employees thinking about leaving their employer this year, the pressure is on to protect the organization from insider risk.
Even if a company experiences one data exfiltration attack, the consequences can be huge. There’s a lot at stake when it comes to the data in your company’s control, particularly when you consider that the average cost of a data breach now stands at $4.24 million.
What are the causes of these phenomenal costs? Here are three factors:
Taking data when leaving an organization has become one of those culturally-accepted things that people feel they can get away with. Let’s be clear, though, this is not a reason to blame and shame employees for their actions.
Rather this is an opportunity to see how we got to this point, assess where there are gaps in our data protection policies, and determine whether policies and guidelines are being communicated effectively to employees – both company-wide and in specific departments.
By defining and communicating the company’s expectations around data sharing and data handling in the organization, and training employees on safe cybersecurity practices, security leaders can start to build stronger security cultures that reduce insider risk.
As well as greater education and training, IT and security teams also need to ensure they have visibility of the risk across all channels, particularly email. A quarter of IT leaders we surveyed said they do not have visibility into incidents of data exfiltration, and this is an important first step.
The Great Resignation shows no sign of slowing down, and people will continue to move around looking for new opportunities throughout 2022. But this is also an opportunity for IT and security teams to build a more robust data loss prevention strategy, streamline defenses against insider risk, and put a safety net in place to stop the company’s most valuable and sensitive data from falling into the wrong hands.