Nearly three-quarters of workers who upload company data to generative AI platforms do so without employer-provided licences, potentially exposing businesses to data breaches and intellectual property loss, according to new research by data resilience firm CrashPlan.
The forthcoming Work Trend Security Report by CrashPlan, based on a survey of more than 2,300 U.S. workers, found that 72 per cent of respondents who uploaded work data to generative AI (GenAI) platforms did so without a licence from their employer. Additionally, 65 per cent of companies provided no clear policies regarding the use of data with or from AI platforms.
“Companies are clearly excited about the potential of GenAI to increase productivity and efficiency, but they need to be aware of the data security risks involved,” said Todd Thorsen, chief information security officer for CrashPlan. “When employees upload sensitive company data to third-party GenAI platforms, they are essentially giving that data away. This could have serious consequences for companies, including data breaches, intellectual property theft, and regulatory violations.”
The survey revealed that 39 per cent of respondents have used a GenAI tool for work, but only 22 per cent said their employers provided them with licences to use GenAI platforms. Among those who used GenAI, 69 per cent did so without an employer-provided licence.
Industries with the highest GenAI usage included technology and telecommunications at 51 per cent, and higher education at 49 per cent. Roles with the highest usage were programmers and developers (54 per cent) and architects (50 per cent).
Insurance professionals (32 per cent) and architects (31 per cent) were most likely to upload work data to GenAI platforms, while data scientists (18 per cent) and accountants (20 per cent) were least likely.
The report also noted generational differences, with millennials being the most likely to upload work data (26 per cent) to GenAI platforms, compared to 21 per cent of boomers.
Notably, employees identified as “rage deleters”—those who admitted to intentionally deleting data before leaving an employer—were more likely to use GenAI platforms (49 per cent) and to upload data to them (40 per cent).
Thorsen emphasized the need for companies to implement clear policies and provide guidance on the use of GenAI tools to mitigate potential risks. “Without proper oversight, the unregulated use of GenAI can lead to significant security vulnerabilities,” he said.
