Customer data is a highly valuable asset that is easily copied and stolen
New research from DQM Group supports the view that data theft is a common business practice, especially among departing employees.
This directors’ briefing provides:
- The main findings of the data theft research.
- Straightforward advice on reducing the risks to your organisation from data breach and theft by your employees.
We surveyed directors, senior managers and customer-facing staff in over 500 major organisations during May and June 2010.
First, we asked respondents about their views on staff taking data (such as customer and prospect details) from one company to another.
Then we briefed respondents on developments in securing customer and prospect data and asked what they thought the impact would be.
- Companies have begun ‘seeding’ their databases and contact management systems with false contacts. These contacts are actually agents who report any approaches to the company. With seeding, it’s almost inevitable that use of stolen data will be spotted and traced to the illegitimate user.
- The Information Commissioner has been given powers to fine companies up to £500,000 where a serious data breach has occurred
Staff attitudes to data theft
Most respondents in our survey believed employees often take customer data with them when they leave a company. Many didn’t think this could be prevented – and didn’t know that it is illegal.
- Over 76% of respondents believed it is common practice for sales and marketing staff to take customer contact data with them when they leave an organisation. For respondents within sales and marketing departments this rose to over 81%.
- Over 50% felt that customer information was the type of data most likely to be stolen by employees.
- Over 52% felt there is no way to spot data theft after an employee has left.
- Over 50% felt that there are no effective legal penalties for employees found guilty of data theft.
- 56% believed that stealing customer data is on the increase. This rose to 64% in medium sized organizations (299–1000 staff), and 62% in major organizations (over 2,500 staff).
- Half of all respondents felt that their companies did not adequately protect their customer data.
- Most worryingly of all, over 80% of respondents felt that staff should be allowed to take customer data with them to their next job.
Staff reaction to developments in data protection
After a briefing on new data protection solutions and penalties, respondents felt that colleagues would be far less likely to take data if their organizations showed it was thoroughly protected – and that any theft would be strongly dealt with.
70% of respondents felt that theft would decrease significantly if false contacts (‘seeds’) were added to the data to catch thieves, and if all use was monitored and the seeding was publicised to all staff.
This increased to 75% for respondents in sales and marketing roles and 74% for major organizations (over 2,500 staff).
Over 80% of respondents believe their organizations do not add seeds to data currently.Over 76% believed theft would drop significantly if companies made it clear they would take thieves to court if necessary, with guilty parties being hit with substantial fines.
Over 80% said their companies did not make them aware of new fines of £500,000 imposed for serious data breaches. This increased to nearly 85% for those in sales and marketing, the departments where there is most risk of theft.
36% of respondents thought it should not be illegal for staff to take customer details to their next job. This increased to over 47% for those in large companies (1000–2,499 staff).45% of respondents who were aware that fines exist felt that the fines are not high enough.
Implications for your organization
It should be a Board priority to ensure your organisation has the highest standard of data security, and a culture where all staff appreciate the value of data and understand that you take data security very seriously.