Survey Reveals 72 Percent of CEOs Admit to Taking IP, Ideas and Data with Them from a Former Employer


Code42 research underscores the need for a data security strategy
that acknowledges the reality of human behavior

In a clear demonstration that top executives defy data security best
practices and company policy, 72 percent of CEOs admit they've
taken valuable intellectual property (IP) from a former employer.
Additionally, 93 percent of CEOs say they keep a copy of their work on a
personal device, outside the relative safety of company servers or cloud
applications. Yet, 78 percent of CEOs agree that ideas, in the form of
IP, are still the most precious asset in the enterprise, showing a
disconnect between what executives say and do.

The findings, detailed in the recently released 2018 Data Exposure
Report, raise concerns about the role of human
emotions in risky data security practices. The findings also underline
the need for a realistic data security strategy that not only addresses
human behavior, but also takes both prevention and recovery into
account. The report includes feedback from nearly 1,700 security, IT and
business leaders in the U.S., U.K. and Germany. It was commissioned by Code42,
a leading provider of information security solutions, and conducted by
Sapio Research.

"It's clear that even the best-intentioned data security policies are no
match for human nature," said Jadee Hanson, Code42's chief information
security officer. "Understanding how emotional forces drive risky
behavior is a step in the right direction, as is recognizing
'disconnects' within the organization that create data security
vulnerabilities. In a threat landscape that is getting increasingly
complex, prevention-only strategies are no longer enough."

Data is precious, but talk is cheap

While companies spend billions to prevent data loss, the research
suggests that data remains vulnerable to employee transgressions — and
the C-suite is among the worst offenders. In a clear demonstration of a
disconnect between what top leaders say and what they do:

  • Almost two-thirds of CEOs (63 percent) admit to clicking on a link
    they shouldn't have or didn't intend to, putting their corporate and
    potentially personal data at risk from malware.
  • In addition, 59 percent of CEOs admit to downloading software without
    knowing whether it is approved by corporate security. The majority of
    business leaders (77 percent) believe their IT department would view
    this behavior as a security risk, but they do it anyway.

The risks of playing data hide-and-seek

In 2018, the CISO's job is becoming significantly more challenging —
even in organizations that have the best cyber security policies and
tools in place. The risks boil down to a lack of data visibility:

  • With the rise of flexible working practices and the ongoing
    digitization of information, 73 percent of security and IT leaders
    believe that some company data only exists on endpoints.
  • As many as 71 percent of security and IT leaders and 70 percent of
    business leaders reveal that losing all corporate data held on
    endpoint devices would be business-destroying or seriously disruptive.
  • While 80 percent of CISOs agree that "you cannot protect what you
    cannot see," business leaders think otherwise. The majority of
    business leaders (82 percent) believe IT can protect data they
    cannot see, a glaring disconnect from reality.

Playing defense in an unpredictable threat landscape

In an evolving threat landscape, companies resigned to data breaches are
stockpiling cryptocurrency to pay off ransoms; and the vast majority of
stockpilers have actually paid a ransom. In fact:

  • Among CISOs, 64 percent believe their company will have a breach in
    the next 12 months that will go public; 61 percent say their company
    has already experienced a breach in the last 18 months.
  • The threat of cyberattack has led nearly 73 percent of CISOs to
    stockpile cryptocurrency to pay cybercriminals; of those, 79 percent
    have paid a ransom.

These findings underscore the unnecessary use of resources to respond to
cyberthreats in this way. With a comprehensive data security strategy
that includes visibility, companies would have a better understanding of
what happened and when. As a result, they would be positioned to recover
from data loss incidents much faster.

Ounce of prevention no longer worth a pound of cure

Despite the disconnect between what they practice and what they preach,
the report indicates that business leaders understand the need for a
multi-pronged security approach in today's complex threat landscape:

  • The majority of CISOs (72 percent) and 80 percent of CEOs believe
    their companies have to improve their ability to recover from a breach
    in the next 12 months.
  • Three-quarters of CISOs (75 percent) and 74 percent of CEOs believe
    their security strategies need to change from prevention-only to
    prevention- and recovery-driven security.

"The time has come for the enterprise to make itself resilient. IT,
security and business leaders need to arm themselves with facts about
how the emotional forces that drive employee work styles impact data
security policy," said Rob Westervelt, research director for the
security products group at IDC. "To protect an enterprise today,
security teams need to have visibility to where data lives and moves,
and who has access to it. Visibility is key in protecting an
organization against both internal and external threats."

Download a free copy of the 2018 Data Exposure Report.

Note to Editors

About the Code42 2018 Data Exposure Report

The security, IT and business leader portions of the research for this
report were conducted by Sapio Research, an independent research
consultancy based in the United Kingdom. The survey was completed, via
online response, during February 2018.

The respondent breakdown is as follows:

Security and IT leaders:

  • USA: 380
  • UK: 376
  • DACH: 278
  • Almost two-fifths (39 percent) of the security and IT leader audience
    was made up of CIO, CISO, CSO and CTO respondents.

Business leaders:

  • USA: 200
  • UK: 200
  • DACH: 200
  • More than a quarter (27 percent) of the business leader audience was
    made up of CEOs.

The research surveyed 1,034 security and IT leaders, including CSOs,
CTOs, CISOs and CIOs, as well as 600 business leaders, all with
budgetary decision-making power. All respondents came from companies
with at least 250 employees. A total of 61 percent of the business
leaders, and 58 percent of the security and IT leader respondents
represented companies with more than 1,000 employees.

Access the 2018 Data Exposure Report infographic at

About Code42

Code42, a leading provider of information security solutions, secures
the ideas of more than 50,000 organizations worldwide, including the
most recognized brands in business and education. Because Code42
collects and indexes every version of every file, the company offers
security, legal and IT teams total visibility and recovery of
data–wherever it lives and moves. With real-time alerts and forensics,
these teams can easily detect, investigate and rapidly recover from any
data incident, such as ransomware, lost or stolen devices, and insider
threats. Supported by a global state-of-the-art cloud infrastructure,
the Code42 platform safeguards hundreds of petabytes of data and helps
organizations comply with evolving regulatory requirements.

Founded in 2001, the company is headquartered in Minneapolis, Minnesota,
and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners.
For more information, visit,
read Code42's
or follow the company on Twitter.
