The Code42 2018 Data Exposure Report, which featured responses from nearly 1,700 security, IT, and business leaders from the U.S., UK, and Germany, included some alarming findings about the behaviors of CEOs and business leaders regarding valuable corporate data. Among other things, the study found:

  • 79% of CEOs and 65% of business leaders responded that work they do while employed belongs to them, despite corporate policies stating to the contrary;
  • 72% of CEOs, 71% of CMOs, and 49% of business leaders admitted to taking intellectual property from their previous employers; and
  • 93% of CEOs and 79% of business leaders acknowledged keeping copies of their work on personal devices outside of official company storage.

Such conduct indicates that corporate data is subject to misappropriation at all levels, and even employees who understand the importance of such data can create risk for the company. Furthermore, these statistics indicate that high-level employees not only create risk for their former employer, whose data they have taken, but they create risk for their new employer who could be named as a defendant in a lawsuit related to such misappropriation. Interestingly, despite these statistics, the respondents identified malicious insider attacks as only the third highest security risk (behind ransomware and phishing/whaling attacks) for their companies.

TIP: Protocols for controlling the storage of data and monitoring the egress of data must be implemented in a robust manner at all levels of the company, including for C-suite executives.