- One-fifth of workers have actually sold company information for money
- Many also use company money for fraudulent activity
- Training isn't enough – protections need to be put in place
New research from Cifas aims to quantify insider threats by highlighting how normalized workplace fraud has become – including selling sensitive company data for money.
As many as one in five (18%) admit to having sold company login credentials for money, which could be the riskiest behavior observed by the company and proof that cyber protection against outsider attacks alone is no longer sufficient.
But selling company information isn't the only risk, with workers also likely to carry out other dodgy activity that could be costing companies cash and their security.
Insider fraud is a growing risk for companies
Around one-quarter believe it's acceptable to work for another competitor company secretly (24%) and believe expenses fraud is justifiable (24%), with 13% knowing someone who has used company funds for gambling or betting purposes.
In fact, getting into the company in the first place can often be immorally aided, with around a fifth (19%) knowing someone who's used fake job references to get hired.
"These findings aren’t isolated incidents," CEO Mike Haley explained. "They reflect a broader shift in workplace behaviours when faced with the opportunity to commit fraud."
Cifas highlighted the importance of employee wellbeing and company culture in ironing out fraud and instilling loyalty. "Equipping them with the right training not only strengthens organisational resilience, but it empowers people to recognise and challenge risky behaviours before they escalate," Director of Learning and Public Sector Rachael Tiffen explained.
While training can go part of the way to sharing the risks with workers, companies must also take some accountability by employing insider threat monitoring, stronger identity verification and more robust background checks.
