A gap is growing between employees' concern over their personal information security and workplace data practices, with 20% stating they would sell company passwords, according to a global survey from the Austin, Texas-based SailPoint.

Identity and access management provider SailPoint's Market Pulse Survey, designed to measure employee attitudes toward protecting corporate digital assets, found 85% of employees would react negatively if a company breached their personal information. Yet, employees exposed employers to possible data breaches through negligence and poor password practices.

Additionally, the survey highlighted an ongoing challenge for IT and security professionals: Twenty-six percent of employees admitted to uploading sensitive information to cloud apps with the specific intent to share data outside the company.

"The cyber threat landscape is infinitely more complex and dangerous today than it was even a few years ago," the survey stated. "In fact, the world experienced data breaches as it never had before in 2015 thanks to their sheer volume, size and reach. Breaches became so frequent, in fact, that organizations around the world began realizing a startling truth: Being affected by a data breach is no longer a matter of if but when."

Key findings from SailPoint's 2016 Market Pulse Survey included the following:

  • Poor password hygiene continues to plague enterprises. The majority of respondents (65%) admitted to using a single password among applications and one third share passwords with co-workers.
  • Employees do not assume responsibility for protecting the integrity of corporate security processes. One in five employees would sell their passwords to an outsider. Of those who would sell their passwords, 44% would do so for less than $1,000. This is up from the one in seven who said they would sell a password a year ago, according to the report.
  • Organizations are struggling to keep up. One in three employees admitted to purchasing a SaaS application without IT's knowledge (a 55% increase from last year's report). Alarmingly, more than 40% of respondents reported having access to a variety of corporate accounts after leaving their last job.

"This year's Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers," Kevin Cunningham, president and founder of SailPoint, said. "Today's identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it's imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage."

John Barco, vice president of global product marketing at the San Francisco-based access management and identity management firm ForgeRock, said, "The news about employees willing to sell their login credentials is worrying, and reinforces the need for organizations to adopt security practices and technologies that go beyond simple passwords. Ideally, trusted device management and continuous security checking will become mainstream. For example, linking trusted, previously registered devices to individuals and logins would help to cut down on the risks associated with credential theft or credential selling,"

Barco said continuous security checking, in which an identity management solution would track for factors such as differences in request location over time, can also help to provide greater security.

"In the instance of someone selling their work login, for example, if that password ultimately fell into the hands of a hacker based in Eastern Europe, it would no longer work because a) the device the hacker is using wouldn't be recognized, and b) the distant, unrecognized location would prompt greater scrutiny."

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).