Chief executives will tell you that their company's ideas and intellectual properties are its most valuable assets that must be safeguarded, right up until they leave that company and take some of that IP with them on their way out.

A new report finds 72 percent of CEOs admit to holding on to a former employer's IP and 93 percent have a copy of work that belongs to their employer on their personal device, beyond the relative protection of the company cloud or servers. 

At the same time, 78 percent of CEOS say a company's IP is precious, suggesting that few top execs are "walking the talk" when it comes IP security and ethics.

“It’s clear that even the best-intentioned data security policies are no match for human nature,” said Jadee Hanson, chief information security officer at Code42, which commissioned the 2018 Data Exposure Report

The report was put together by Sapio Research, based on feedback from nearly 1,700 execs in the U.S., U.K. and Germany.

It finds that CEOs also aren't great at following more basic IP security best practices. Around 60 percent have put company assets at risk from malware attacks by clicking sketchy links or downloading software without checking if it is approved by corporate security. While 77 percent said they believe their IT department would frown on their actions, they do it anyway.

Perhaps most remarkably, the report found that 73 percent of Chief Information Security Officers have begun stockpiling cryptocurrency to pay ransom to hackers following a breach and of that group, 79 percent have actually paid a ransom. 

The glaring takeaway here is that a shocking majority of companies could stand to tighten up their security practices, starting at the top. 

“To protect an enterprise today, security teams need to have visibility to where data lives and moves, and who has access to it," said Rob Westervelt, research director for the security products group at IDC. "Visibility is key in protecting an organization against both internal and external threats.”