There’s no shortage of stories about employees stealing company secrets, but a new study has found that the biggest risk may come from the top, with chief executive officers often presenting a larger risk when it comes to enterprise intellectual property protection.

The claim comes from Code42 Inc.‘s 2018 Data Exposure Report which surveyed 1,700 security, information technology and business leaders in the U.S., U.K. and Germany. Among the highly surprising findings: Some 72 percent of CEOs admitted they’ve taken valuable IP from a former employer.

In terms of security, the numbers get worse. Ninety-three percent of CEOs say they keep a copy of their work on a personal device outside of company servers or cloud applications. That’s despite 78 percent agreeing that ideas, in the form of IP, are still the most precious asset in the enterprise, “showing a disconnect between what executives say and do.”

Almost two-thirds of CEOs admitted to clicking on a link they shouldn’t have or didn’t intend to, putting their corporate and potentially personal data at risk from malware. An additional 59 percent of CEOs admitted to downloading software without knowing whether it was approved by corporate security.

“It’s clear that even the best-intentioned data security policies are no match for human nature,” Jadee Hanson, Code42’s chief information security officer, said in a statement. “Understanding how emotional forces drive risky behavior is a step in the right direction, as is recognizing ‘disconnects’ within the organization that create data security vulnerabilities. In a threat landscape that is getting increasingly complex, prevention-only strategies are no longer enough.”

Other findings in the report include an overall negative outlook from chief information security officers. Some 64 percent said they believe their company will have a breach in the next 12 months that will go public, and 61 percent said their company has already experienced a breach in the last 18 months.

Interestingly, 73 percent of CISOs said that they’ve already stockpiled cryptocurrency to pay cybercriminals in the event of a data breach. In fact, 79 percent said they’ve previously paid a ransom demand, suggesting that the practice may be far more widespread than previously thought.

Image: Pixabay