Back to Blog
Minute Read

The cubicle culprits: how in-office employees are leading the charge in corporate data exfiltration

Cameron Coles
VP of Marketing

In the wake of evolving work arrangements, the spotlight often falls on remote and hybrid employees as potential threats to data security. Yet, our latest research uncovers a surprising twist in the narrative. It’s the in-office employees, traditionally considered the safest bet, who are now leading the charge in corporate data exfiltration.

In this article

Cyberhaven’s comprehensive Q1 2024 Insider Risk Report, "The Cubicle Culprits" (download your free copy here), presents groundbreaking insights into the real dynamics of data security in today’s diversified work environments. This report, drawing from an analysis of over 3 million workers and 831,000 data exfiltration incidents, peels back the layers on where the danger really lies.

Unlike previous studies, our report doesn’t rely on surveys or conjectures. It's grounded in hard data, tracking the movement of sensitive information across various work arrangements—in-office, remote, and hybrid. The results? They challenge conventional wisdom and compel us to rethink our strategies for safeguarding corporate data.

Key findings

Remote and hybrid workplace arrangements

  • Counterintuitively, office-based workers are 77% more likely than their remote counterparts to exfiltrate sensitive data.
  • But when office-based workers login from offsite, they are 510% more likely to exfiltrate data than when onsite at the office, making it the riskiest time for corporate data.

What types of data employees exfiltrate

  • Overall, the most common sensitive data employees exfiltrate are client and customer data (31.2% of data by volume) and source code (16.5%).
  • The week before a layoff, workers are more likely to take source code (348% increase), design files and formulas (769% increase), and sensitive project files (440% increase).

How sensitive data leaves the company

  • The most common exfiltration vectors are personal cloud storage (22.7% of incidents), removable media (15.6%), generative AI tools (13.1%).
  • When employees are offsite, the way data leaves changes. Offsite, data exfiltration via Bluetooth/AirDrop is 400% more likely and removable storage is 254% more likely.

{{ promo }}

The Unseen Threat

This report is a wake-up call, emphasizing that the threat from within is not only more prevalent but also more complex than many realize. The assumption that physical presence within the office walls equates to a lower risk of data exfiltration is fundamentally flawed. As we navigate the aftermath of the COVID-19 pandemic and the resulting shifts in work arrangements, understanding these dynamics is crucial.

For businesses, the findings serve as a crucial reminder that insider risk management must evolve. Traditional security models, designed for a pre-remote work era, are no longer sufficient. Instead, a more holistic approach, one that accounts for the fluid nature of today’s work environments and the subtle shifts in employee behavior, is essential.

A Call to Action

As we present "The Cubicle Culprits," our goal is not just to inform but to equip businesses with the knowledge and tools necessary to protect their most valuable assets. By understanding the intricate patterns of data movement and the factors influencing insider risks, companies can better fortify their defenses against potential breaches.

The landscape of work and security is ever-changing, and staying ahead requires both vigilance and innovation. Let’s use these insights to foster a safer, more secure future for businesses everywhere.

Research report
Insider Risk Report Q1 2024: The Cubicle Culprits
Download now
DLP Buyer's Guide: 11 Criteria for Evaluating DLP Solutions
Download now