Categories
Latest News

Warning that corporate data theft is on the increase

An analysis of recent cases by law firm Mishcon de Reya and KPMG shows that corporate data theft cases in the UK have doubled between 2006 and 2008.
 
In the current uncertain times, the theft of business sensitive and confidential information by employees is a real threat to companies. With redundancies being made across all sectors in the UK along with rising job insecurity, more and more employees are using the confidential information they have obtained with their current employer in order to give them the edge in the increasingly difficult job market. In 70% of the analysed cases, the perpetrator(s) were employees who moved to work for a competitor company.
 
Furthermore in 75% of all cases analysed, the data stolen was customer or client-related information (relating to customer relationships, levels of trading, pricing information, profit margins and so on) or customer lists. Financial information, such as management accounts, business plans, projections and forecasts represented 14% of thefts.
 
The analysis shows that those who were caught stealing data justified their actions either by claiming that the information was already in the possession of the competitor (60%) or that the information was already in the public domain (30%).
 
Hitesh Patel, partner in KPMG’s Forensic Group says: “These findings highlight the challenges of defining what data within your business should be considered proprietary and also when and why it may be construed as public information.  Companies need to consider how vulnerable they are to this kind of misconduct by employees and ensure that they have everything in place to prevent or fight information theft.”
 
The study also shows that in 93% of cases, employees had already left the employer before the thefts were discovered. The restrictive covenants the company had put in place into employment contracts to protect their data seemingly had little deterrent effect because in 69% of cases, these were breached by those stealing data. Tightly drafted restrictive covenants were key in obtaining restraining orders against offenders after the data theft had taken place.
 
Dan Morrison, partner in Mishcon de Reya’s Fraud & Insolvency Group continues: “The stolen data has often limited shelf life and employees realise that they have to use the information quickly or they will lose their competitive advantage. Therefore when data theft is discovered or suspected, swift action is needed. At Mishcon de Reya the average time taken in a case of this nature from instruction to legal relief whether in the form of restraining injunction, undertakings, damages or apologies was just over 2.5 weeks.”
 
The research shows that this crime is a problem across many business sectors particularly the finance and construction industries. Mishcon de Reya and KPMG also analysed the worst perpetrators and discovered that 69% of the theft instances reviewed where carried out by either males operating alone or by groups of male employees. Only 22% were committed by women or group of women and 9% involved both males and females. It is also the case that, with many workers uncertain about their jobs, the financial pressure continues to mount. This can result in a rise in employees tempted to act improperly and against the interest of their employer to preserve their own financial wellbeing.
 
Morrison says: “The theft of sensitive and confidential information from businesses is happening right now all over the UK and on an ever increasing scale. The Financial Services industry is likely to bear the brunt of this with widespread redundancies and rising jobs insecurity. City institutions are also having to leave large numbers of disenchanted employees in situ in order to comply with EU Employment law regarding the reduction of head count.  History tells us that in difficult economic times, incidents of dishonesty rise. These factors combined provide opportunities for disgruntled or anxious employees to behave in a way that is not welcomed by management.”
 
The most common method for employees to transfer stolen data is via email. In 46% of the cases examined this was used as the primary route to improperly removing proprietary data from the business.  Taking hard copy print-outs of data was the method used in 22% of cases.  Surprisingly the use of USB memory sticks, data CDs or DVDs was only present in 9% of cases.
 
Hitesh Patel continues: “We expect to see an increase in the misuse of newer technologies in data theft such as smart phones, iPods, digital cameras and other types of digital media.  Social networking sites have also provided data thieves with a way to remove data in some of the cases we have analysed.”
 

One reply on “Warning that corporate data theft is on the increase”

Interestingly this highlights something we all probably know; that although the perimiter is secure it's the threats from inside that are often not addressed. Disgruntled employees are nothing new, as is the fact that some things never change …
In too many law firms, despite implementation of security systems and the fact that deliberate breaches of security protocols are regarded as disciplinary issues, the biggest threat often comes from the partnership itself; we all know of Partners who leave post-it notes with passwords on and who give away their credentials to secretaries and other 'underlings'. Mention using social engineering to address the problem and you get shot down, as no firm wants to expose the worst culprits – the Partners themselves.
Of course the removal of data itself is not always useful, as it is often the analysis of data that yields the most interesting information. Unsurprisingly many law firms sit on a gold mine of data that can be usefully analysed to help them manage their business better, yet many do not bother to do so.
The combination of lax security, data extraction and then useful analysis by a competitor is the thing to really be feared.

Comments are closed.