Data thieves are using email and printed documents to entice prospective employers with sensitive information.
But only 6% of cases involved the use of USB sticks, CDs or DVDs, a trend attributed to restrictions implemented by firms aware of the risks.
Law firm Mishcon de Reya said a desire to improve employment prospects was the motivation in 65% of data theft cases.
Three in ten data thieves planned to use stolen information to set up competing businesses.
Robert Wynn-Jones, a partner at the firm, said: "The data thieves aren’t necessarily getting more sophisticated, there’s just more of it going on."
Methods of theft tended to be uncomplicated, with email used in half of breaches and printed documents in a quarter, despite frequent calls from the security industry for practices to be improved.
"There are thousands of firms who haven’t had a breach and who don’t think it’s going to happen to them," Wynn-Jones added.
As IT security ‘hygiene’ improves, Wynn-Jones expects methods to become more intricate, with hacking likely to rise in the future.
Customer information was stolen in 82% of cases involving the service sectors, while internal financial data was collected in one in ten breaches.
Lone males aged 24-35 were responsible for two-thirds of the cases in Mishcon’s report, with lone females and groups accounting for a fifth of breaches each.
Wynn-Jones echoed the report’s warnings that employers should be wary of ‘dowries’ offered by candidates to secure new jobs. "The test is: ‘Does it have the character of confidence?’" he said.
"If you have got a list of 1,000 people with their phone numbers, that’s likely to be confidential, and it’s also likely to be a data protection issue," he added.
The report sampled 150 of the firm’s cases, including large listed companies, financial institutions and SMEs, and excluding cyber-warfare and breaches related to identity theft.
This article is from the CBROnline archive: some formatting and images may not be present.