There is a surprising disconnect between employees’ growing concern over the security of their personal information and their attitudes toward data security practices in the workplace, according to results of a recent study.

Roughly one-quarter (26 percent) admitted to uploading sensitive information to cloud apps with the specific intent to share the data outside the company.
SailPoint, an independent identity and access management provider, summarizing results of a survey of 1,000 office workers for organizations with at least 1,000 employees in six countries around the world, reports that

85 percent of employees would react negatively if their personal information were breached by a company. Yet one-in-five employees would sell their passwords to an outsider. And of those who would sell their passwords, 44 percent would do so for less than $1,000.

Roughly one-quarter (26 percent) admitted to uploading sensitive information to cloud apps with the specific intent to share the data outside the company.

SailPoint’s Market Pulse Survey includes survey results across several industries. Although the survey report does not break out results for the insurance industry, 26 percent of the office workers surveyed were in finance. In terms of company size, 45 percent had 10,000 or more employee, while 30 percent had between 1,000 and 5,000 employees.

The upshot of the survey is that even though employees are concerned about their personal information, they expose their employers to data breaches through negligence and poor password hygiene.

Among other troubling findings:

  • 65 percent of respondents admitted to using a single password among applications.
  • One-third share passwords with their co-workers.
  • More than 40 percent reported having access to a variety of corporate accounts after leaving their last job.
  • One-in-three employees admitted to purchasing a SaaS application without IT’s knowledge.

Why would they make such purchases? “Because it was faster without IT” was the most common response.

The survey report breaks down the findings by country, showing responses to questions about personal concerns and negligence at work for the U.S., U.K., Germany, France, Netherlands and Australia. For example, while 40 percent of employees surveyed said they could tap into corporate accounts and data after termination, on average, across all countries, the percentage was 48 percent for the U.S. and only 26 percent for Australian respondents.

In a statement about the report, Kevin Cunningham, president and founder of SailPoint said: “Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”

About the Report

SailPoint commissioned independent research firm Vanson Bourne to interview 1,000 office workers at large organizations (with at least 1,000 employees) across the United States, the United Kingdom, Germany, France, the Netherlands and Australia. The report looks at how employees view their individual role in IT security processes, and what (if any) improvements are being made by organizations to adapt to the new business realities.

The complete results of the 2016 Market Pulse Survey are available at

About SailPoint

SailPoint is an independent identity and access management provider, which helps hundreds of global organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices, and in the cloud. The company’s product portfolio offers customers an integrated set of core services including identity governance, provisioning, and access management delivered on-premises or from the cloud (IAM-as-a-service).