[adning id=”12070″]

[adning id=”12070″]

Departing staff and high-turnover? Significant cyber risk for SMEs

With more and more workers switching jobs, businesses are seeing higher levels of staff turnover. A survey by financial services firm Findex of more than 500 small and medium-sized enterprises (SMEs) found that more than half of firms are concerned about their ability to retain staff over the next 12 months.

While this poses an HR problem for business owners, it may also be creating a cyber security threat.

According to the 2022 Annual Data Exposure Report by US-based cyber security firm Code42, 98% of business leaders and cyber security practitioners have concerns with levels of turnover.

The report found that almost three-quarters (71%) of business owners lack visibility over what and/or how much sensitive data departing employees take to other companies. The same proportion is concerned about sensitive data saved on local machines/personal hard drives and/or personal cloud storage and services.

Insider risk is becoming a major issue for businesses. This is any user-driven data event, either malicious, negligent or accidental in nature.


“Security leaders have recognised that managing insider risk is central to keeping their most important data – source code, product designs, customer information – from ending up in the wrong hands,” the report notes.


“The financial, reputational, privacy and compliance ramifications of sensitive data being exposed and leaked are significant. Even more significant is the risk of a company’s intellectual property (IP) ending up in the hands of a competitor.”

The research noted that two years into the pandemic, companies are still adapting to new ways of working, with some choosing to go permanently fully remote and others returning to the office in starts and stops.

For most, managing a hybrid workforce will be a near-term reality. This presents a number of cyber security challenges, with more than half (55%) of surveyed respondents sharing concerns about employees becoming lax in their cyber security practices/protocols, according to the report.

“This data demonstrates the critical need for security education and awareness training, particularly during this new era of hybrid work,” the report said.

“Companies can mitigate risk by changing user behavior through training, creating a more risk-aware workforce. Frequency and quality of training are two of the most important variables.”

The report found a third (32%) of companies provide cyber security training on a monthly basis, followed by weekly (22%), quarterly (20%), daily (11%) and annually (9%).

Learn more about this topic

at SmallBiz-Week

Forum tickets on sale now 


Leave a Reply

Your email address will not be published. Required fields are marked *


Get breaking news delivered
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?