New McAfee research released today shows that European businesses are increasingly at risk from the inside, as employees repeatedly expose valuable and sensitive company information.

Apparently, investments in protection of corporate data from hackers and other external threats are being undermined by negligent employees, and companies failing to make clear their security policies.

A study of 600 office workers across Europe showed that employees are transferring an increasing amount of confidential data out of the business.

In the UK, 132 million sensitive documents are taken out of UK offices on portable devices every week.

Most often, documents are removed using portable devices such as memory sticks and mobile phones, web-based email services, or by IM applications. These methods often fall outside the control of a company's IT department, McAfee said.

Internal documents

Day-to-day internal documents and customer data/records were the top two most common types of documents to be taken from companies, followed by company financial information.

Over half of the respondents (52 per cent) said they would take company data with them when they left a job.

The average European office worker takes 11 confidential documents out of their company on a weekly basis. Dutch employees are the worst offenders, with 19 documents leaving company premises every week, followed by the Spanish (13 per week). British workers seem the most confidentiality-conscious, sharing an average 6 documents per week.

The study showed that almost a quarter (24 per cent) of employees had no idea what their company policy on handling sensitive documents is. More than a third (37 per cent) didn't have a set policy for such matters.

"Whilst most organisations strive to comply with the legal policies that ensure the safe handling of sensitive information, they fail to recognise their employees as a potential Achilles heel," said Greg Day, security analyst at McAfee.

"These findings clearly indicate that data loss from within is a growing issue and that companies need to address it alongside protecting themselves from external threats," Day said.