Why it matters: An online poll recently conducted by Deloitte Advisory Cyber Risk Services reflects growing concern among IP professionals across all business sectors and industries about the security of their companies' IP assets in the face of an anticipated increase in cyber thefts. A majority of those surveyed believe that IP cyber theft incidents will increase over the next 12 months. Although IP can constitute upwards of 80% of a single company's value today, the poll results indicate that a significant portion of their companies had yet to fully secure their IP assets. In the face of a growing threat to some of their most valuable assets, companies would be well-served by proactively developing and having in place a comprehensive plan for securing their IP assets and, should it occur, for effectively dealing with IP cyber theft.
Detailed discussion: On October 25, 2016, Deloitte Advisory Cyber Risk Services released the results of an online poll of intellectual property (IP) professionals it had conducted on September 28, 2016, in conjunction with a webcast entitled "Cyberattackers and your intellectual property: Valuing and guarding prized business assets." The survey reflected a growing concern among IP professionals about the security of their companies' IP assets in the face of an anticipated increase in actual and attempted cyber thefts in the coming year. Notwithstanding this concern, the survey also reflected that, even though IP can constitute a large percentage (sometimes more than 80%) of a company's value, almost 50% of respondents said that their companies are either still in the building stages of their IP security plans or have not yet started putting one together.
The nearly 3,000 poll respondents were IP professionals that came from a broad array of business sectors, including:
Banking and securities: 13.5% Technology: 8.4% Investment management: 6.1% Travel, hospitality and services: 5.4% Insurance: 5.1% Retail, wholesale and distribution: 5.0%
Anxiety About Rise in Cyber Theft
The poll results showed that 58% of respondents across all business sectors expect the number of IP cyber theft incidents (defined as successful or attempted cyber theft of trade secrets, drawings and plans, or proprietary know-how) to increase over the next 12 months. Broken down by individual industries, the percentage of respondents who anticipate IP cyber theft incidents to increase is even higher:
Power and utilities: 68.8% Telecom: 68.8% Industrial products and services: 64.7% Automotive: 63.9%
Company Insiders Seen as Main Cyber Theft Threat; Many Companies Not Prepared
The survey showed that 20.1% of respondents across all business sectors (higher when polled by individual industry) believe that the IP cyber theft will come from "employees and other insiders" at their organizations, followed by competitors (16.3%), activist groups (12%), third-party vendors (11.7%) and nation states (10.1%). Notwithstanding this, only 16.7% of respondents said that access to their companies' IP was "very limited, on a need-to-know basis only," while 36.1% said that their organizations' efforts to secure their IP were in the "building stage," and 12.1% said that their efforts were "lacking" and that they did not have a defined program to protect and monitor access to their IP. Given that a large number of those polled believe that IP cyber theft will come from insiders, it was suggested that companies create a specific "insider threat mitigation program" that includes both routine and random auditing and established policies and training for employees.
Perceived Major Challenges in the Event of Cyber Theft Incident
Even though IP can constitute a large percentage of a company's value, when asked about the biggest challenges their organizations would face in the event of an IP cyber theft incident, a combined 44.1% of poll respondents answered "assessing what IP had been stolen, or the impact of IP loss" and "managing investor and customer/client relationships." Suggested actions companies can take to mitigate these challenges include developing plans to identify key IP assets, assessing in advance the potential impact to the organization of their loss, and developing a concrete plan to secure them from both internal and external cyber theft because, in short, "[o]rganizations need to define their cyber risk, up front, in conjunction with their strategic priorities when making decisions on protecting their most critical assets because they recognize what the adverse consequences would be otherwise."