The threat of corporate email addresses and other employee data being stolen and exploited by cyber criminals still not being taken seriously, despite the potential damage such a hacking incident could do.
Researchers at cybersecurity company Terbium analysed how companies approach security risks and found that many are underestimating the damage which could be done if employee data was stolen and leaked to the dark web or wider internet.
According its Underrated Risks of Data Exposure report, just 11% of those surveyed believe corporate email addresses could be at high risk of exposure on the internet and even fewer believed social security numbers, names, bank accounts and payroll records of employees are the sorts of data which cyber criminals are interested in.
"People are generally concerned about their customer data being exposed. But when they look at employee data, no one cares, " Emily Wilson, VP of research at Terbium Labs told ZDNet.
Companies are more worried about customer data being exposed by hackers – and while that does create loss of revenue and reputation, ignoring the potential cost of corporate data being stolen could make falling victim to an attack which exposes customer data much more likely.
"Corporate employee data is the skeleton key to whatever you want in the organisation," Wilson explained.
"If you have employee email addresses then you engage in phishing and business email compromise. It's a broad entry point into a company's systems and having access to employee data gives you the run of the place," she said.