Analysis by law firm Mishcon de Reya and KPMG shows that corporate data theft cases in the UK have doubled between 2006 and 2008.

In the current uncertain times, the theft of business sensitive and confidential information by employees is a real threat to companies. With redundancies being made across all sectors in the UK along with rising job insecurity, more and more employees are using the confidential information they have obtained with their current employer in order to give them the edge in the increasingly difficult job market. In 70 percent of the analysed cases, the perpetrator(s) were employees who moved to work for a competitor company.

Furthermore in 75 percent of all cases analysed, the data stolen was customer or client-related information (relating to customer relationships, levels of trading, pricing information, profit margins and so on) or customer lists. Financial information, such as management accounts, business plans, projections and forecasts represented 14 percent of thefts.

The analysis shows that those who were caught stealing data justified their actions either by claiming that the information was already in the possession of the competitor (60 percent) or that the information was already in the public domain (30 percent).

Hitesh Patel, partner in KPMG’s Forensic practice, says: “These findings highlight the challenges of defining what data within your business should be considered proprietary and also when and why it may be construed as public information. Companies need to consider how vulnerable they are to this kind of misconduct by employees and ensure that they have everything in place to prevent or fight information theft.”

The study also shows that in 93 percent of cases, employees had already left the employer before the thefts were discovered. The restrictive covenants the company had put in place into employment contracts to protect their data seemingly had little deterrent effect because in 69 percent of cases, these were breached by those stealing data. Tightly drafted restrictive covenants were key in obtaining restraining orders against offenders after the data theft had taken place.

Dan Morrison, partner in Mishcon de Reya’s Fraud & Insolvency Group, continues: “The stolen data has often limited shelf life and employees realise that they have to use the information quickly or they will lose their competitive advantage. Therefore when data theft is discovered or suspected, swift action is needed.”

The research shows that this crime is a problem across many business sectors particularly the finance and construction industries. Mishcon de Reya and KPMG also analysed the worst perpetrators and discovered that 69 percent of the theft instances reviewed where carried out by either males operating alone or by groups of male employees. Only 22 percent were committed by women or group of women and 9 percent involved both males and females.

It is also the case that, with many workers uncertain about their jobs, the financial pressure continues to mount. This can result in a rise in employees tempted to act improperly and against the interest of their employer to preserve their own financial wellbeing.

The most common method for employees to transfer stolen data is via email. In 46 percent of the cases examined this was used as the primary route to improperly removing proprietary data from the business. Taking hard copy print-outs of data was the method used in 22 percent of cases. Surprisingly the use of USB memory sticks, data CDs or DVDs was only present in 9 percent of cases.

Hitesh Patel continues: “We expect to see an increase in the misuse of newer technologies in data theft such as smart phones, iPods, digital cameras and other types of digital media. Social networking sites have also provided data thieves with a way to remove data in some of the cases we have analysed.”

Download the full report (PDF)

•Date: 19th May 2009• Region: UK •Type: Article •Topic: ISM news
Rate this article or make a comment - click here