Though cybertheft of intellectual property is predicted to dramatically increase over the next 12 months, a significant portion of companies has yet to fully secure their IP assets, according to a survey released by Deloitte Cyber Risk Services. The findings come from a survey of just under 3,000 professionals from organizations across multiple industries, including finance, insurance, hospitality and retail.
In a sign of growing anxiety, over half (58%) of respondents surveyed said they believe that IP cyberthefts will increase over the next year, while 4% expect a decrease in such thefts, and 12% do not expect to see any change at all.
The survey also found that around half of all respondent’s organizations were not prepared for an IP cybertheft, with 12% lacking the infrastructure and technology to secure their IP and 36% currently working toward improving IP handling process and systems. Only around 17% of organizations had security measures in place to protect, and restrict access to, their IP.
In addition, respondents cited employees and company insiders as the most likely group to cause an IP cybertheft, followed by competitors, party vendors, activist groups, and nation-state actors.
Don Fancher, principal at Deloitte Advisory and global leader for Deloitte Forensics & Investigations, noted that although employees can intentionally steal IP assets to enhance their own position at a competitor company, many can also unintentionally cause a theft as well.
This may happen when “a competitor, or a nation-state, whomever it might be, finds a way to utilize an employee to enter into the internal systems of the company and thereby use that access to then capture IP or other proprietary data,” he said.
Such theft may involve social engineering or phishing scams, as well as malware placed unintentionally on a network-connected computer.
To mitigate suck risks, Fancher stressed the need for training programs so that employees can understand “the value of IP to the organization,” as well as “the threats and the risks that can be exposed if IP is stolen or taken.” He also advised organizations to “limit valuable data to only those employees that absolutely need to see it.” In addition, Fancher advised that those who handle IP assets regularly, such as IP attorneys, should be trained more than others.
“When you get to the more technical aspects of the organization, your R&D department, research scientists, the IP attorneys or other attorneys that are handling these agreements and handling these documents, they need to get even further and more extensive training,” Fancher said.
Fancher added that IP attorneys and in-house counsel can also play an important role in managing how IP data is stored and handled among research scientists.
It is not uncommon, Fancher said, for IP thefts to go unrecognized in an organization for some time. “Many companies do not ever realize they’ve been hacked or that their system has been infiltrated for many, many months before their own security system identifies it or in some situations the U.S. government identifies it and then alerts the corporations.”
Ricci Dipshan writes for Legaltech News, an ALM sibling of this newsletter. He can be reached at firstname.lastname@example.org.
The views expressed in the article are those of the authors and not necessarily the views of their clients or other attorneys in their firm.