According to the results of a recent Osterman Research survey of 187 IT and/or HR decision makers, fully 69 percent of respondents have suffered significant data loss resulting from employees who left.
While 96 percent of respondents disable access to employees’ mailboxes when they depart, 49 percent don’t monitor access to every application and source of data the departing employee used, 47 percent don’t delete data used by the departing employee, and 28 don’t wipe corporate data from employee-owned devices when they leave the company.
“Whether it’s premeditated or simply in error, many employees leave their employers with a wide variety of data types that can include confidential or sensitive financial data, customer information and/or product, sales and marketing roadmaps, as well as other business critical intellectual property,” Osterman Research CEO and founder Michael Osterman said in a statement.
“This can leave a business organization vulnerable to regulations noncompliance, litigation, a loss in competitive edge and even embarrassing bad press with long-term ramifications — the kind that can curb an otherwise promising IT career,” Osterman added. “And of course, it could also simply mean the information you need to get your job done just isn’t there.”
A separate survey of more than 437 information security professionals found that 69 percent of respondents said the global cyber security skills shortage has had an impact on the organization they work for, leading to high employee turnover, excessive workloads, inappropriate skill levels, and acute shortages in the areas of security analytics, application security and cloud security.
The survey, conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), also found that 54 percent of respondents said their organization experienced at least one type of security event over the past year, and 92 percent believe the average organization is vulnerable to some type of cyber attack or breach.
“Simply stated these findings represent an existential threat,” ESG senior principal analyst Jon Oltsik said in a statement. “How can we expect cyber security professionals to mitigate risk and stay ahead of cyber threats when they are understaffed, underskilled, and burned out?”
Last fall, a CSIS survey of 775 IT decision makers found that 82 percent of respondents admitted to a shortage of cyber security skills, and 71 percent said that skills shortage is responsible for direct and measure damage to their organizations.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line,” Intel Security Group senior vice president and general manager Chris Young said at the time.