The Hidden Costs of an IP Breach: How to Analyze, Plan and Protect Priceless Digital Assets & Secrets
07 FEBRUARY 2023
By: Ali Gomulu
Corporate networks are breached for many reasons, but among the most frightening to the C-Suite and Board of Directors are attacks that target the theft of intellectual assets.
For a government lab, it could be foreign agents stealing blueprints for a new weapon system; at a biopharmaceutical firm, adversaries may take confidential data on the latest COVID-19 vaccination, which can be worth billions of dollars. Film studios have had their upcoming movie trailers stolen, gaming companies have had their code taken, and often due to the nature of these “quiet attacks,” companies may not be aware of the breach for months or even years.
In our increasingly digital world, intellectual property (IP) is the heart of the 21st-century company, driving innovation, competitiveness, and growth. Depending on the business, IP can form the majority of a company’s valuation.
According to US Intellectual Property Enforcement Coordinator Danny Marti, “Advancements in technology, increased mobility, rapid globalization, and the anonymous nature of the Internet create growing challenges in protecting trade secrets.”
Advancements in technology, the use of mobile devices, the tectonic shift to “work from home” spurred by the pandemic in 2020, and overall rapid globalization create growing challenges in protecting trade secrets.
While government agencies in the US and globally are working every day to recommend and mandate protections, businesses play the most significant role in addressing the growing challenges of protecting trade secrets. The first line of defense against trade secret theft is often a robust and well-implemented cybersecurity and data management/protection strategy, along with contingency planning in the event of a material event.
With better information about the risks surrounding IP, its potential loss, and the impact this loss could have on the company, executives and their board members, who are responsible for protecting business assets, can understand the full ramifications of IP theft, enabling better alignment of their cyber risk program with the company’s IP management and strategic priorities.
IP theft has a history of disgruntled or opportunistic employees stealing and sharing documents – in the early days, using thumb drives, computer disks, or physical (paper) copies. Insiders with the direct physical access needed to perpetrate the crime and extract the trade secrets are sometimes shown in films as the individual with the briefcase. The small number of people with physical access limited the pool of suspects, increasing the risk and, therefore, the deterrent.
In an increasingly digital world, IP thieves can operate from anywhere and often anonymously, making the pool of suspects massive. Bad actors can include current and former employees, competitors, criminals, and foreign nation-state players.
When being first to market can decide market winners in our digital world, stealing or buying IP on the black market can be much faster and cheaper than investing to innovate from scratch. With research and development costs escalating, high barriers to creating a new virus might provide a quicker path to a quick profit.
What assets are at risk?
- Trade secrets
- Proprietary business information
- Copyrighted data
- Software code for data analytics
- Software-based products and services
While the financial impact of breaches of personal customer information is well documented, so many incidents of stealing secrets have gone unreported that many of those costs are hidden and therefore difficult to identify and quantify.
They include not only expenses associated with regulatory compliance but also public relations services to fix reputational damage, attorneys’ fees, and intangible costs that stretch out over months or even years, including revoked contracts and lost future opportunities.
Given their importance to growth, market share, and innovation, IP and cyber risk fit hand-in-glove and should be perceived and acted upon together by leaders, who should invest in the right cybersecurity solutions to curtail risk, including a “zero trust” posture and adoption of Privileged Access Management (PAM) software.
Basics of a strong program include:
- Reducing the number of people with access to IP
- Identifying the “data supply chain” in handling and protecting IP
- Integrating PAM into the overall data management/protection platform
- Monitoring to detect threats, especially against the company’s most strategic and valuable IP
- Ensuring third-party ecosystems are also protected with policies and access solutions that extend beyond traditional corporate borders
- Training researchers and developers in the proper sharing, storage, data management, and retention policies, combining a technical solution with HR and employee and partner awareness
While improved security can improve the odds of preventing theft, a zero-trust and zero-touch prevention approach is now possible. How well an organization responds to a breach can mitigate a multi-billion-dollar risk.
When IP is a driver of growth and competitiveness, as more companies have their digital transformations well underway, understanding the full impact of a potential loss helps guide the analysis for the ROI on investing in automated and advanced systems.