Theft of data by employees is common in UK companies, a survey has revealed.
Some 72% of more than 1,000 UK employees polled by security firm Imperva admitted taking data from an employer.
The survey found 26% had stolen customer data, 25% had removed HR records, 25% had taken marketing data, and 10% had lifted redundancy lists.
The most common methods of stealing the data were USB memory sticks (23%), personal laptops (23%), other portable storage (19%), and mobile phones (13%).
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Almost half of those polled were aware of at least one colleague that had stolen data, and 69% believed a competitor had received information in this way.
Intellectual property was the prime target, followed by customer information, the survey revealed.
Faced with redundancy, 37% of respondents said they would want to take information with them, but that jumped to 70% if they knew they were about to be fired.
However, 59% said they would take information because they believed it was rightfully theirs, including employees changing jobs.
"That employees steal data is nothing new, but it is surprising to see the number of people who think they are entitled to do so," said Amichai Shulman, chief technology officer at Imperva.
Employers need to define what constitutes intellectual property and why they retain ownership if they are to curb the loss of this data to competitors, he said.
The same applies to customer data, said Shulman. "Creating policies that you adhere to means everyone knows where they stand and what is expected of them," he said.
Some 85% of respondents said they had sensitive data on their home computer or mobile, 75% had a customer database, and 27% had some form of intellectual property.
But the survey found 60% of organisations did not have a policy to cover the removal of corporate information from personal devices as employees left the company and a quarter did not have any controls to restrict access to sensitive information.