In a recent survey of nearly 3,000 professionals, Deloitte Advisory Cyber Risk Services discovered 58% of respondents believe intellectual property (IP) cyber theft incidents and attempts will increase in the upcoming year, fueling fears of tarnished brand reputations and uncertain business futures.
The company defines IP theft as the theft of "trade secrets, drawings and plans, or proprietary know-how." IP can make up more than 80% of the value at a single business, Deloitte reports, so the growing concern of cyber theft comes as little surprise.
Fear of IP theft varied across industries. It was highest within the telecom and power/utilities industries, with 68.8% of respondents in each category expressing concern. Other top industries included industrial products & services (64.7%), and automotive (63.9%).
This fear of IP theft is not driven by an actual increase in IP theft, says Adnan Amjad, cyber threat risk management practice leader for Deloitte Advisory Cyber Risk Services. Only 12% of participants report their business has suffered an IP theft incident in the past 12 months. Nearly half (44%) say they have not suffered this type of attack; 32.6% were unsure.
"In our view, [the concern] is not necessarily because of increased activity, but more of an increased awareness that property is at risk," he explains. More businesses have become aware that the products they're creating could be stolen.
When asked about potential adversaries, 20.1% of respondents cited employees or other "insiders" as the most likely source of attack. Other commonly feared sources include competitors (16.3%), activist groups not sponsored by nation-states (12%), third-party businesses with which they engage regularly (11.7%), and nation-states (10.1%).
The number of employees putting data at risk is increasing over the years, says Amjad, and there are two types of workers who pose a threat. Some employees are malicious insiders who actively try to steal information; others have had their accounts compromised and are unaware they are risking corporate data.
When IP theft happens, 22.3% of respondents say the greatest challenge is managing investor and customer/client relationships. Other obstacles include assessing the impact of data loss (21.8%), recovering IP as soon as possible (12.4%), and modifying existing IP to minimize the impact of competitive advantage (10.7%).
"In a lot of cases, organizations don't have a good handle on the value of intellectual property," says Amjad. This makes it difficult to gauge the value of a specific incident. Some industries are exceptions to this trend; for example, life science and software companies are more aware of their IP value.
Businesses don't face as great a challenge when it comes to collecting data or monitoring and blocking apps, he continues. However, many struggle to act on information and enable an end-to-end process for protecting data across the organization.
As it stands, IT pros can do more to safeguard sensitive data. Only 16.7% of respondents say access to IP is very limited and on a need-to-know basis among employees. Most (36.1%) say they're working to strengthen security systems and protocols; 12% say they have no defined program to protect and monitor IP access.
Amjad has a few pieces of advice for organizations struggling with security.
"You should not try to protect every piece of IP," he says. "If you try to protect everything, you're not going to protect anything."
The first step for businesses, he says, is to distinguish the "crown jewels" of data within the organization. Which IP is the reason your business exists? The answer needs to be finite and specific to your organization.
Once this is identified, it's time to ensure the correct defensive processes and tools are in place to protect it. This includes ensuring sufficient legal protection and screening the employees who have access to the data.