Davos Agenda

Insider threats: how the 'Great Resignation’ is impacting data security

The Great Resignation has raised the risk of insider threats as people quit jobs voluntarily en masse.

The Great Resignation has raised the risk of insider threats as people quit jobs en masse, and voluntarily.. Image: Unsplash/Dan Nelson

Jony Fischbein
Chief Information Security Officer, Check Point Software Technologies
Our Impact
What's the World Economic Forum doing to accelerate action on Davos Agenda?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Davos Agenda

This article is part of: World Economic Forum Annual Meeting
  • The Great Resignation has seen the largest exodus of employees on record, putting pressure on employers to attract and retain talent.
  • But the 'turnover tsunami' and working from home during the COVID-19 pandemic has also increased cybersecurity challenges.
  • Organizations need stringent offboarding solutions to reduce the risk of the insider threats and data breaches when people leave.

The so-called Great Resignation, a term coined and predicted by psychologist Anthony Klotz during the pandemic, has had a profound impact on organizations around the world.

What started as a US phenomenon has gone global, with 2021 seeing the largest exodus of employees on record. Nearly 4.5 million people in the US voluntarily resigned in November 2021 alone, setting an all-time monthly record.

Some in the media are referring to this as a “turnover tsunami” because of the uphill struggle some organizations now face in terms of attracting and retaining talent. But that’s not the only hill they have to climb.

Data security risks and high employee turnover

As well as dealing with the largest skills gap in a generation, business leaders are also dealing with the inevitable data security risk that comes with record-breaking employee turnover – and that’s proving very problematic.

Have you read?

Data loss is always a risk when an employee leaves an organization. According to a recent report, almost two-thirds (63%) of all employees admitted to taking data from their previous workplace to use in their current job, but there are countless others who appropriate data on their way out of the door without even realizing it.

Whether malicious or accidental, the consequences can be equally devastating. As it turns out, the Great Resignation could actually be one of the biggest insider threats facing organizations in a generation.

Growing concern about insider threats

When it comes to employee turnover, security should always be a part of the conversation. Regrettably, that hasn’t always been the case, particularly over the course of the past two years.

Faced with a mass exodus of talent, it’s perfectly understandable that organizations should be focused on talent acquisition and retention. But by neglecting good data hygiene with the coming and going of employees, they’re leaving themselves wide open to attack.

This risk has only been heightened for the countless organizations that switched to a hybrid working model. So sudden was the move to incorporate remote working during the pandemic, that bring-your-own-device (BYOD) adoption surged, broadening the attack surface area for criminals and, crucially, creating more data siloes that are potentially outside of an organization’s control.

In the first year of the pandemic, 67% of employees said they were using personal devices to get some of their work done. What’s more, a staggering 87% of organizations said they were relying on their employees’ ability to access mobile business applications and other important information from their personal smartphones.

Remote working raised the security risk

While the benefits of BYOD, particularly during the rapid transition to remote working, were significant, the potential drawbacks in terms of data hygiene and security were often overlooked.

It’s a significant security blind spot, with 71% of organizations admitting that they don’t know how much sensitive data departing employees typically take with them when they move onto pastures new.

This data can be used maliciously to gain leverage over a previous employer or give a new employer a competitive advantage. But even if the ex-employee isn’t aware they’re exfiltrating data, and it simply lies dormant on their device, it’s still an extreme security risk.

These data loss issues are difficult enough to deal with during periods of average employee turnover, but the Great Resignation combined with BYOD and a trend toward hybrid working has only amplified the challenge.

How does data loss typically occur?

There are really two types of data exfiltration – malicious, and non-malicious. Malicious exfiltration of data is more common than many organizations realize, and usually involves a departing employee purposefully taking sensitive data to either cause harm to the organization they’re leaving or give themselves an advantage in their next venture.

Depending on their role and level of access, it isn’t difficult at all for employees to smuggle data out of an organization, particularly if the “offboarding” process isn’t very thorough.

Common mistakes include keeping ex-employee email accounts active, failing to revoke their access to company servers, or allowing them to use unmonitored personal devices in their day-to-day work.


What is the World Economic Forum doing to address the cybersecurity workforce gap?

However it can also be non-malicious or accidental, but that doesn’t make it any less dangerous. During the Nefilim ransomware attack in 2021, it was revealed that one of the primary methods the attackers used to breach corporate networks was to take advantage of so-called “ghost accounts” – login credentials belonging to ex-employees that were still active.

In one instance, a threat actor had commandeered an account with admin privileges that had belonged to a deceased employee, allowing them unfettered access to the corporate network. These dormant accounts are frighteningly common, and are one of the main threat vectors for external attackers.

It’s not uncommon for employees to remain logged into their user accounts on certain devices once they’ve left an organization. In some instances, they may even have a corporate device such as a tablet or smartphone that they simply forget to return or, worse, are not asked to return. This is another instance in which a thorough offboarding process would help to mitigate risk.

How to mitigate risks of insider threats

As we continue to navigate the relatively uncharted waters of large-scale hybrid working, it’s never been more important for organizations to exercise good security hygiene. There should be robust policies in place that specify rules around data handling, outlining what employees can and cannot do.

While this won’t stop a malicious insider in his or her tracks, having clear rules in place will make accidental loss less likely when an employee does eventually move on.

The principle of least privilege or “zero trust” should also be applied at all times, particularly where employees are working remotely. This makes all data held by the organization available on a need-to-know basis only, limiting the number of accounts that have access to sensitive data and decreasing the chances of an insider threat emerging.

As well as putting company-wide safeguards in place for all employees, it’s also important that organizations handle the offboarding process meticulously. This is where a lot of organizations tend to fall down, particularly when they’re more focused on the new talent that’s coming in rather than the talent they’re letting go. It’s one of the rare instances in cybersecurity where looking back is just as important, if not more so, than looking forward.

Businesses need stringent offboarding processes

No user accounts should remain active once an employee has left an organization, and logs should be checked thoroughly before an employee leaves to ensure no data has been transferred to an external source. The offboarding process should carry on even after the employee has left the building, with accounts monitored regularly to ensure that all access has indeed been revoked.

Organizations cannot guarantee 100% mitigation of insider threats, but they can strive for 99% and hit that target with the right focus and resources.

Check Point’s cybersecurity solutions, for example, help organizations create a safe and streamlined offboarding experience, reducing the risk of data loss or exfiltration. From the automatic monitoring of endpoint devices and intuitive zero-trust segmentation, to multi-layered cloud security that can detect device anomalies and automatically provision and scale security policies.


How is the Forum tackling global cybersecurity challenges?

True to their name, insider threats are always lurking in the background during times of crisis. It just so happens that the Great Resignation is a crisis that lends itself perfectly to malicious motives and careless actions around the handling – or mishandling – of data.

If organizations devote as much attention to offboarding employees as they do onboarding them, they stand a greater chance of keeping their networks secure in 2022 and beyond.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
Davos AgendaCybersecurityFuture of WorkFuture of Work
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How can a market war for sustainable fuel resources be prevented?

Ameya Hadap, Thibault Villien De Gabiole and Laia Barbarà

February 20, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum