03 Aug

A new report by Code42 that surveyed 1,634 senior company employees in the UK, US and Germany, has found that most CEOs take what they regard to be their Intellectual property (IP) with them when they leave a company.

It Belongs To Me

The Code42’s 2018 Data Exposure Report appears to show what amounts to an admission of theft on a large scale by departing CEOs, with 72% admitting to taking IP with them from previous employers upon joining a new organisation.

The figures from the survey show that the justification for taking the IP with them is a belief that the ideas are their property. For example, 79% of those CEOs surveyed said that they believe their work and ideas simply belonged to them.

My Time Went Into It

Far from thinking that they were on the company’s time (and pay), the report appears to show that most CEOs believe that their reason for their belief in their ownership of IP comes from a belief that the IP was developed on their time. For example, 59% agreed that their time, not the company’s, went into the end product, and just under half said that they actually felt that they had imparted a bit of themselves into their ideas.

Emotional Threat

The kinds of responses given by the CEOs in the survey appear to indicate, therefore, that emotionally-driven decisions at the highest level can pose a threat to a company’s overall security.

Stored On Personal Device

Even though many employees may be subject to a policy of not storing company information on personal devices, memory sticks etc because of the potential security risk it poses to the company, it seems that most CEOs don’t see themselves as a risk in this way. For example, 93% of CEOs have admitted to keeping copies of their work beyond the remit of their company’s security network e.g. on a personal device or personal cloud storage. 68% of them even agreed that there was a risk to the company in doing so, which indicates that they saw themselves as an exception to a known risk.

Disconnect From Reality

The survey and report highlighted another apparent disconnect from reality as 82% of business leaders appear to believe that IT can protect information it cannot see.

What Does This Mean For Your Business?

The worrying irony of this report is that while most businesses see threats to their IT and data security as most likely to come from hackers, viruses, employee error and even the actions of disgruntled former employees when, in fact, one of the biggest threats to a company may come from the top.

CEOs are likely to be those who hold all the secrets to a company’s competitive advantage, as well as its financial situation, future strategies, skeletons in closets, and most valuable business relationships, and yet they may see themselves as being above the normal security policies and rules. For all the money, time and effort that a company puts into increasing its cyber resilience, one weak link could be the mistaken attitudes and beliefs of the CEO.

Unfortunately, the authority of CEOs can’t generally be challenged from those further down the company hierarchy, and their behaviour and IT practices may not be monitored and controlled in the same way, thereby meaning that they risky behaviour goes unchallenged, and allows them to steal IP in the way they have admitted in the survey.

Part of the value of this kind of survey to businesses is, therefore, to help show emotional forces can drive risky behaviour, and in helping to expose possible ‘disconnects’ within an organisation that can create data security vulnerabilities.