Intellectual property, or IP, is broader than most people expect. It includes trademarks and patents, of course, but also encompasses employee know-how, internal communications, competitive insights, and budding innovations. Overlooking how much data falls under the umbrella of IP can lead to sensitive information being exposed to unnecessary and unacceptable risks.
Cybercriminals of all stripes target IP because it has immense value, especially compared to basic consumer data. IP is under such persistent attack that companies lose an estimated $300 billion annually, which also leads to the elimination of 2 million jobs. The hard truth is that IP theft is and always will be on the front lines of cybersecurity.
THE COMPLEX LANDSCAPE OF IP THEFT
Companies that discover their IP has been stolen do have some legal recourse, however. The Defend Trade Secrets Act and the Digital Millennium Copyright Act empower companies to take civil action against anyone who misappropriates intellectual property. Unfortunately, neither law is perfect in practice.
DTSA assigns a heavy penalty for IP theft — up to three times the value of the property — as long as plaintiffs can show they’ve taken adequate steps to protect their intellectual property. The most problematic aspect is that different state courts have defined “adequate” differently, leaving unanswered questions about when and how settlements are awarded.
DMCA also has uncertainty. The law was implemented after easy file sharing on the internet began to exacerbate media theft. Consequently, it provides sweeping protections for copyrights but not for patents, trademarks, or other data that should realistically be considered IP. Despite the expansive legal framework in place, IP theft typically leaves victims with limited options.
The simple solution would be to safeguard all IP, a monumentally difficult proposition when insiders are the biggest threat. Research shows that half of all departing employees leave with confidential information, either accidentally or intentionally. And when insiders are motivated to steal, their close proximity to IP makes it easy for them to bypass security controls.
On the other side of the equation, third-party vendors up and down the supply chain can put IP at risk if they’re not trustworthy. Companies are in the difficult position of having to look both inward and outward with equal scrutiny while hoping the laws provide adequate protection. It’s a dire situation, but that doesn’t mean IP protection is impossible.
THE KEY COMPONENTS OF IP CYBERSECURITY
Don’t assume that your existing cybersecurity strategy is adequate at protecting your present and future intellectual property. Fully addressing the unique vulnerabilities of this data will also require a unique strategy with regards to its protection:
On a fundamental level, IP is the lifeblood of your company. If your intellectual property were to fall into the wrong hands, the damage could be impossible to overcome. Instead of treating this data as sensitive, acknowledge it for what it really is: mission-critical.