The Ponemon Institute conducted a covert experiment sponsored by 3M and the Visual Privacy Advisory Council (VPAC) to discover if companies were prepared to protect against visual hacking. For the study, a "White Hat Visual Hacker" walked through the offices of eight participating U.S.-based companies to see what they could gather through only visual means.
The White Hat Hacker had their eyes peeled for customer data, login credentials, financial information, confidential documents, and other types of sensitive information. Surprisingly, the hacker was able to obtain sensitive data in 88% of the trials, mostly from the desk of an employee or a computer screen, often without being noticed. Only 30% of the time did an employee question the hacker's activity. The experiment also revealed how quickly visual hacking can occur, because in 45% of the cases the hacker gathered valuable information in less than 15 minutes. To protect form visual hacking, an organization should implement stricter policies on and around the desks of its employees.