The number of intellectual property (IP) cyber theft incidents for the remainder of the year is expected to increase, according to 58 percent of respondents to a recent Deloitte poll. When asked which category of potential adversary they believe is most likely to attempt theft of their organizations’ IP, the prevailing percentage of respondents (20.1 percent) answered “employees or other insiders.” Yet, only 16.7 percent of respondents said access to IP is very limited, on a need-to-know basis only.
“While many of us know—or have experienced firsthand—how a cyberattack can severely disrupt business, loss of an asset as critical as IP can be crippling for most organizations,” said Don Fancher, principal, Deloitte Financial Advisory Services LLP, national leader, Deloitte Forensics & Investigations, and Deloitte Forensic leader, Deloitte Global. “Managing risks to trade secrets, drawings, plans, or proprietary know-how that drive your organization’s revenue and competitive advantage often includes quantifying how loss of that IP would impact the business, preparing to identify and pursue adversaries, and building a defensible chain of data custody to counter future IP cyber theft threats.”
As cited in the Deloitte Review article, “The hidden costs of an IP breach: Cyber theft and the loss of intellectual property,” IP can constitute more than 80 percent of a single company’s value today. And yet, 44.1 percent of respondents to the Deloitte poll collectively feel that assessing the impact of IP loss and managing relationships would be the largest challenges faced by their organization. Sectors expecting a higher than average increase in IP cyber theft in the next year included: Power and utilities (68.8 percent); telecom (68.8 percent); industrial products & services (64.7 percent); and automotive (63.9 percent). Those sectors expecting higher than average insider IP theft attempts included: Automotive (32.2 percent); oil & gas (27.2 percent); and real estate services (26.2 percent).
Tips for assessing the potential impact and protecting against intellectual property loss include:
• Define the critical assets (e.g., facilities, source code, IP and R&D, customer information) that must be protected and the organization’s tolerance for loss or damage in those areas.
• Validate that any partners or suppliers involved in IP creation or utilization collaborate with the cyber risk program.
• Evaluate whether exposing some IP in the public domain may make the organization more subject to attack.
• Consider whether the competitive landscape points to new cyber threats to IP protection.
• Improve cyber resilience to manage brand impact and market position in the event of IP theft.