When thinking about information risk, most people will visualise an attack by a faceless hacker, the shady cyber-criminal outside the organisation who profits by stealing good ideas. The real risks often come from much closer to home.
Disgruntled employees can be a serious source of information risk. One upset worker is capable of wreaking havoc on your company, as Ascentor’s latest research project shows.
More than half of employees “willing to sabotage their company”
We recently asked One Poll to conduct a nationwide survey into employee behaviour on our behalf. We had a feeling that a significant number of respondents would be willing to sabotage the company they work for as an act of revenge. Our hunch proved correct. One Poll found that more than half of all employees surveyed were prepared to deliberately compromise their company if they felt they had an axe to grind.
“57% of employees are willing to compromise their employer through a conscious act of sabotage.” One Poll research for Ascentor
Not being paid enough, a lack of respect from the boss, being passed over for promotion or being made redundant were given as the main motives. A bitter seven per cent of the workforce confessed they already HAD thrown a spanner in the works to get their own back.
Key findings from our research
- Main motives: not being paid enough (27%) is only marginally ahead of lack of respect from their employer/a personality clash, which one in four people selected (25 per cent).
- More than a fifth of people (21%) admitted they would be prepared to compromise their company if they missed out on a promotion. At 15 per cent, redundancy is the lowest motivation for sabotage.
- Women were found to be more loyal than men, with nearly half (46 per cent) of women saying they wouldn’t compromise their company, compared to 40 per cent of men.
- Sending information to rivals (25 per cent) and deleting or moving valuable files/information (22 per cent) is the most popular means of sabotage for men.
- Women, however, are more likely to spread malicious gossip (21 per cent) than use technical means.
7% had already compromised their company
The survey of 1,000 employees across the UK revealed that seven per cent of people have already wilfully compromised their company.
This figure of 7% is really alarming. There are 29.1 million people in the UK workforce, which could equate to more than two million people who have already deliberately sabotaged your business. You might not even know about it yet. And we’re not just talking about swapping the gherkin for the mayo jar. We’re talking about tampering with one of your most important assets your business information.
Methods of sabotage revealed in the survey included one employee who sabotaged the company’s patent application worth millions in revenue by sending previous artwork to the Intellectual Property Office.Another manipulated a tender process by doctoring quotations from contractors.
The consequences of this sort of information sabotage are frightening, with some of the people we surveyed in high-impact jobs like finance (10%), computing, electronics and telecoms (11%), and government/public sector jobs (7%).
These findings highlight a potential hole in the information security policies of companies up and down the land, where the focus on cyber threats can often lead to internal threats being overlooked.
Whilst protecting your company from a faceless hacker is important, thinking about that disgruntled employee is equally crucial to your information security. We advise all businesses to understand the real threats to their information before selecting the right mix of information security controls.
For an introduction to the key areas of information risk from every angle of your business, download Ascentor’s free guide, The Board’s Guide to Information Risk.
Article by Dave James, MD of Ascentor