Study: 50 Percent of IT Ex-Employee Accounts Remain Active for a Day

Everyone can picture that one “petty revenge” employee who should have been let go years earlier. But when they finally are given the boot, is their account properly locked afterwards. Half the time, a new study indicates, it is not. And according to 20 percent of the respondents in the study, that failure in handling an ex-employee wound up leading to a data breach at the organization in question.

Revenge of the Ex-Employee

The news comes from identity management provider OneLogin, which commissioned Arlington Research to run 500 online interviews on a nationally representative sample of experienced non-managers and above who work in their company’s IT department decision-makers for hardware, software and cloud-based services. Across the board, the issue of ex-employee accounts was a concern.

“According to 20 percent of the respondents,” the survey says, “failure to deprovision employees from corporate applications has contributed to a data breach at their organization. The research found that nearly half (48 percent) of respondents are aware of former employees who still have access to corporate applications, with 50 percent of IT decision-makers ex-employee’s accounts remaining active once they have left the company for longer than a day.


A quarter (25 percent) of respondents take more than a week to deprovision a former employee and a quarter (25 percent) don’t know how long accounts remain active once the employee has left the company.”

How online shoppers are more vulnerable to cyber attacks than ever

What to Do About It

IT employees need to be aware of this security problem and should respond by tightening protocols. As with many other security concerns, staying proactive is key to solving the problem.

“The bottom-line is that companies aren’t following very basic but essential security measures around employee provisioning and deprovisioning,” said Alvaro Hoyos, the chief information security officer at OneLogin, in the company’s press release. “This should be a cause for concern among business leaders, especially considering how many data breaches are caused by ex-employees.”

Past studies have indicated that business leader remain unaware of the dangers they face: CEOs in particular, TechCo has reported in the past, are a problem: 75 percent admit that they “use applications and programs that are not approved by their IT department,” even while 91 percent acknowledge the security risk this poses.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Adam is a writer at and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals