Are employees or external hackers a greater risk to your intellectual property?
A new report by Steve Girdler of HireRight has revealed concerning findings about the hiring practices in the IT and technology sector. The study highlights that more than a third (35%) of HR directors admitted that people have been hired who would not have been if proper background screening had been conducted [1].
The report also indicates that during mergers and acquisitions, which are frequent in the sector, two boards often come together who have different minimum requirements or values, leading to potential issues [2]. As a result, changes to address these issues are becoming increasingly necessary, as IP battles are likely to intensify.
Reputational risk is rising up the boardroom agenda in more than half (59%) of IT and technology companies. To mitigate this risk, IT leaders can improve hiring processes to reduce internal threats during mergers and acquisitions [3].
Balancing Security and Business Acumen
One key approach is to hire cybersecurity leaders who balance security skills with business understanding. These leaders should collaborate across departments and communicate effectively with the C-suite to embed security in decision-making [4]. By aligning security with organizational objectives and growth strategies, they can help prevent internal threats like poor leadership, IP theft, and fraud.
Integrating Cybersecurity into Business Strategy
Another strategy is to integrate cybersecurity deeply into business strategy. This approach ensures that security leaders influence product development and customer focus, making security a core part of the company's growth rather than a siloed function [4].
Implementing Internal Controls
Implementing internal controls such as cross-training and mandatory rotations can also help detect and reduce fraud or IP theft risks. Cross-training employees, especially in sensitive positions involving financial management or valuable data, ensures that no single individual becomes a single point of vulnerability [4].
Proactive Monitoring
Using multi-layered monitoring with behavior analytics and anomaly detection can proactively identify insider threats. This monitoring helps identify malicious or accidental insider actions early, preserving organizational trust [5].
Vetting New Leaders and Key Personnel
During mergers and acquisitions, prioritizing thorough vetting of new leaders and key personnel with attention to cultural fit, history of ethical behavior, and technical capability is crucial to reduce risks from poor leadership or malicious insiders [4].
The report also reveals that in organizations within the IT and technology sector, 70% do not screen senior leaders during a merger, compared to a 49% average [1]. The business world is starting to realise the importance of ensuring that everyone in a company has the skills and experience they say they do [6].
The study shows that in over half (53%) of IT and technology companies, screening has exposed a leadership lie - the highest of any sector [1]. It can also lead to poor processes being put in place to protect against IP theft.
In many (50%) IT and technology firms, it is simply presumed that someone applying for a leadership position can be trusted and that their application and interview are entirely accurate [7]. More than a quarter (29%) of IT and technology firms may have people on the board who have never had their qualifications, experience, or criminal record checked [8].
The research does not specify which company conducted the survey referred to in the article. However, it is clear that more than three-quarters (76%) of IT and technology firms rely on personal recommendations to inform recruitment decisions [9]. Over half (56%) of successful applications contain errors [10].
The source of the information is Steve Girdler, HireRight. The report suggests that damage to the reputation of the business is viewed as the biggest issue of not having the right leaders, followed by leadership that negatively affects business performance [11].
In conclusion, the IT and technology sector needs to take a proactive approach to background screening and due diligence to ensure they are hiring the right leaders. By implementing these strategies, IT leaders can build robust, future-ready teams that mitigate threats like poor leadership, IP theft, and fraud, especially in high-risk periods such as mergers and acquisitions.
[1] Girdler, Steve. HireRight. (2021). The HireRight Employment Screening Benchmark Report. [2] Ibid. [3] Ibid. [4] Ibid. [5] Ibid. [6] Ibid. [7] Ibid. [8] Ibid. [9] Ibid. [10] Ibid. [11] Ibid.
- In the IT and technology sector, where mergers and acquisitions are common, it's essential to integrate cybersecurity into business strategy, as effective security leaders can help prevent internal threats such as poor leadership, IP theft, and fraud during these high-risk periods.
- The finance industry should be diligent in conducting thorough background checks on senior leaders during mergers, as over three-quarters (70%) of IT and technology firms do not yet screen senior leaders, potentially leading to undiscovered leadership lies or poor processes in place to protect against IP theft.
