Insider Threat Statistics

Steve Riley just posted an intriguing article on Insider Threat statistics, which was originally found in another article:

Survey participants in London and New York: 600

  • Departing workers who took sensitive information with them: 40%
  • Portion who would provide this information if it would help to find another job: 1/3
  • Percentage of employees who are aware of the illegality of stealing information: 85%
  • Portion of this population who do it any way: 1/2
  • Percentage who believe it will be useful it some point in the future: >50%
  • Percentage who find it easier to pilfer information this year: 57%
  • Percentage last year: 29%
  • Percentage who claimed they would take company info if fired tomorrow: 48%
  • Percentage who would download company/competitive information if their jobs are at risk: 39%
  • Portion of workers who have lost loyalty to their employers because of the recession: 1/4
  • Percentage of those who take information “just in case”: 64%
  • Percentage who would use the information in future job negotiations: 27%
  • Percentage who would use the information as tools in their new jobs: 20%
  • Those who would take customer and contact details: 29%

Stuff Stolen:

  • Plans and proposals: 18%
  • Passwords and access codes: 13%
  • Product information: 11%

Those would go out of their way:

  • Percentage of workers who would strive to find the redundancy list: 32%
  • Percentage of those who would bribe a co-worker in the human resources department: 43%
  • Who would use their own IT-granted access rights: 37%
  • Who would use personal contacts of those in the IT department: 30%

It begs the question, *why* would people be willing to do such a thing?  Is it out of spite, or lack of morality, or just plain greediness?

It’s kind of sad, actually.