In a closely watched infringement case in which Centripetal Networks asserted cybersecurity patents against Cisco, a U.S. court in Virginia recently awarded to Centripetal $1.9 billion in damages. Everything about the case is attention-grabbing, from the staggering damages to the mechanics of the trial, which was conducted over 22 days entirely by videoconference. While the case is unusual in its scope and complexity, it teaches important lessons about patent damages that cybersecurity professionals should understand.

Multiple factors contributed to the historic award. Actual past-damages from Cisco’s infringing switches, routers, and software totaled $756 million. But because the judge rejected Cisco’s arguments against infringement and found Cisco’s defenses were not objectively reasonable, he ruled that Cisco willfully infringed the patents. Because Cisco’s infringement was willful, the judge decided to multiply the damages 2.5x, resulting in $1.89 billion. In theory, the judge could have used a 3x multiplier based on the willfulness, but used the lower number in view of Cisco’s successful non-infringement position for one of the asserted patents. Also adding to the damages award was prejudgment interest of $13.7 million, yielding $1.90 billion. And that was not all – the judge also ordered Cisco to pay an ongoing royalty amount for future infringement, based on royalties of 10% for three years, and 5% for three years after that. Centripetal calculates the total damages to between $2.66 billion - $3.25 billion, depending on Cisco’s future sales of infringing products.

Damages in the Cisco case were determined according to the “reasonable royalty” approach, which is the most common in patent cases, and distinct from the “lost profits” approach. A reasonable royalty is supposed to reflect what a willing licensor and willing licensee would have agreed to as a royalty just before the infringement began. Two key variables in a reasonable royalty damages assessment are the royalty base and the royalty rate. In the Cisco case, the royalty rate was determined largely from a prior settlement agreement Centripetal entered, which included a $25 million upfront payment, a 10% royalty for directly competing products, and a 5% royalty for non-competing products. Based on this datapoint and a weighing of other evidence (e.g., Cisco’s revenue increases tied to the infringement, and acquisitions in the field), the court adopted 10% as the reasonable royalty rate. The royalty base was determined largely by examining the functionality of the infringing Cisco switches, routers, and software, and determining the proportion of functions that were implicated by the infringement. This form of apportionment was then applied to Cisco’s total revenues of infringing products, which yielded $7.56 billion. Applying the 10% royalty to that figure resulted in the $756 million in past damages that was at the heart of the court’s ultimate award.

While damages numbers of this magnitude reflect Cisco’s size, Israeli cybersecurity companies should appreciate from this example how damages can quickly grow when willful infringement, prejudgment interest, and ongoing infringement are factored in. Willful infringement can act as a 3x multiplier of damages, and thus vastly change the potential liability of an accused infringer. While patent owners want to seek willful infringement in every case where the facts support it, accused infringers can try to avoid that risk by developing strong positions on non-infringement and invalidity, obtaining an opinion of counsel on those issues, or redesigning their products to avoid infringement. Prejudgment interest can be a small factor in cases like Cisco, where infringement started only recently (2017, in the Cisco case). But in cases where infringement dates back several years, prejudgment interest can equal or even exceed the damages number itself. Careful consideration must be given to the appropriate interest rate and the time period over which it applies. Also critically important are the royalty rate and royalty base used in the damages calculation. Cybersecurity companies should be aware that their prior license agreements may become relevant in a damages analysis, just as in the Cisco case. If these agreements are found to closely relate to the patented technology, any royalty rate that they embody—whether low or high—may help drive a damages computation if a patent suit arises in the future.