People Exfiltration Hurts Like Data Exfiltration


People Exfiltration Hurts Like Data ExfiltrationIn a study conducted not long before the pandemic, Aite-Novarica learned that roughly half the time insurance carrier boards of directors spend on IT-related issues is dedicated to security-related topics.  This marks an interesting contrast with the roughly 10% of IT spending noted in our latest Budgets and Projects reports that gets dedicated to specific security-related concerns. So the spend on security is high—and the interest in it is even higher!

As former CIOs, one of our greatest concerns, from a security perspective, related to people. Even after perimeters were secured, we had aggressively moved to encrypt data (both at rest and in flight), and we had built or deployed an array of capabilities designed to monitor threats and address them at appropriate vector points, the “risk walking around on two legs” was perhaps the greatest risk of all. 

Sometimes this risk came from malicious behavior, but generally problems would rear their unfortunate heads due to accidents, errors, or failure to follow established procedures. In rare instances, errors would produce issues that we could later look back and laugh about, but those were exceptions. Anything that involved explaining what had happened to regulators never produced even a glimmer of mirth. Now, in 2022 there is another people related risk, of equal import.

Consequences of Employee Turnover

Over the course of the COVID-19 pandemic, Aite-Novarica has discussed workforce strategies with carriers, covering topics like remote work, hybrid work, “work from anywhere,” and other contemporary challenges. Overall, these efforts have worked well, allowing organizations to operate effectively, build new operating muscle, and advance their own digital strategies. Despite the dark cloud of COVID-19, some silver linings have emerged.

In addition, on the tail of the pandemic we have the Great Resignation. The amount of turnover has already reached painful levels for some organizations, and attracting and retaining talent in hot labor markets is a new and unexpected challenge for many. The consequences of these talent issues should be top of mind for technology leaders as we race toward the end of Q1 2022 and the voluntary resignation rates show no sign of letting up.

Below is a summary of some obvious—and some maybe not-so-obvious—points for what happens when good companies lose good people:

  • Loss of intellectual property (IP): A recent article by Paola Peralta, “The Great Resignation is Driving Data Breaches and Cybersecurity Threats,” points out that people leaving often take artifacts with them. This activity may not be done with malicious intent; it may be linked to a sense of, “This work product is really mine.” Lines get blurred in the eyes of the employee if a company has employees use their personal cell phones or personal email addresses for company matters. In these cases, there is data loss not due to an invasion, but because of an exit. If the person leaving stays in the industry, strategic moves can be communicated more broadly than a company would like. In addition to Peralta’s article, Aite-Novarica notes that hiring is not the only way for this knowledge to be transmitted; the interviewing process alone can give insights on a company’s strategy and how they intend to execute the strategy.
  • Multiplication of cultural challenges: Turnover can lead to more turnover. Humans are social creatures, and as much as we pride ourselves on independence of thought and value our own perspectives, we are influenced by those around us. Or those no longer around us. A department that has had five people recently leave should not be surprised when numbers six and seven go. It does not mean the department is “bad,” but if people sense that something better is out there due to the action of their peers, they may pursue options themselves.
  • Lost output: The obvious one! Presumably, people are doing necessary work. From time to time, there will be the opportunity to eliminate tasks or possibly combine roles, but more commonly this is not the case. When people depart, the workload needs to be distributed over the remaining resources or sit in a backlog. The added burden and task switching can create a slippery slope of increasing burnout and adding to even more voluntary turnover.
  • Cost to recruit and procure new resources: For jobs in high-demand disciplines, replacements require a higher total compensation. Sometimes, companies are shocked at what the delta in compensation is and may not believe what recruiters are reporting for replacement salaries. Part of this shock may be linked to the concurrent realization that the company is now competing nationally for talent.

Much like the start of the pandemic, when organizations needed to scramble to create new survival strategies to prepare for a dramatically different paradigm, our newly emerging reality will also require thoughtful and proactive planning.

One thing we know for certain is that we are not returning to 2019.  Ever.

If you’d like to discuss this topic, and strategies for addressing the concerns, in more detail, please let us  know at [email protected] or [email protected]. With new challenges can come new opportunities.