Great Resignation Increases Security Risks For Businesses, Warns Tessian

Employment, Jobs © Luna Vandoorne Shutterstock 2012

Large scale resignations during the Coronavirus pandemic is causing security risks for businesses in the UK and US, Tessian survey finds

The Covid-19 pandemic is having a wider impact on Western businesses than first thought, new data from human layer security firm, Tessian has suggested.

It surveyed 2,000 staff in both the United States and United Kingdom and it discovered that 71 percent of IT leaders have suffered from increased security risks in their organisations due to the ‘Great Resignation’.

During the past two years of the Covid-19 pandemic, people across the world have re-examined their work-life balance, which has resulted in many people quitting their full time jobs rather than returning to the corporate workplace, in favour of remote working flexibility.

Great resignation

Last August for example, research from Upwork found that 20 percent, or 10 million American workers were considering freelancing in order to work remotely and gain more flexibility.

And now research from London-based Tessian found that 71 percent of IT leaders have admitted to increased security risks in their organisations due to the ‘great resignation’.

And even worse,the job losses is already having an impact, as the data from Tessian also revealed that 45 percent of IT leaders have already seen incidents of data exfiltration increase in the last year, as people took data when they left their jobs.

The poll revealed that one in three staffers (29 percent) have admitted to stealing data when they quit their job.

The reasons for this data theft is varied, but 58 percent said that they steal data because the data would help them in a new job. 53 percent said that because they worked on the data, they believed the information belonged to them,

However 44 percent said they stole data to share with their new employer.

Staff in marketing teams are most likely to take data with them when leaving their job, with 63 percent of respondents in this department admitting to doing so.

This was followed by HR (37 percent) and IT teams (37 percent).

Staff turnover

The poll also revealed that 55 percent of respondents are they’re thinking about leaving their jobs in 2022, and with two in five (39 percent) staffers currently working their notice or actively looking for a new job in the next six months.

These figures illustrate the pressure IT and security teams are under to keep company data safe during the Great Resignation, Tessian pointed out.

“It’s a rather common occurrence for employees in certain roles and teams to take data when they quit their job,” said Josh Yavor, chief information security officer at Tessian. “While some people do take documents with malicious intent, many don’t even realise that what they are doing is wrong.”

This sentiment is backed up by previous polls.

In 2015 for example, a OnePoll carried out on behalf of Fujtisu, found that 52 percent of staff rated their personal information as more important than their business’ data, with only 7 percent saying they considered business data more important.

And over a decade ago, a Symantec study of people who left or lost their jobs in 2008 found close to 60 percent kept corporate data after leaving their positions.

“Organisations have a duty to clearly communicate expectations regarding data ownership, and we need to recognise where there might be a breakdown in communication which has led to a cultural acceptance of employees taking documents when they leave,” added Tessian’s Yavor.

“The Great Resignation, and the sharp increase in employee turnover, has exposed an opportunity for security and business leaders to consider a more effective way of addressing insider risk,” said Yavor.

“It comes down to building better security cultures, gaining greater visibility into data loss threats, and defining and communicating expectations around data sharing to employees – both company-wide and at departmental level,” said Yavor. “Being proactive in setting the right policies and expectations is a key step before investing in preventative controls.”