The hidden cost of IP theft
Compared with more familiar cyber crimes such as the theft of credit card, consumer health, and other personally identifiable information (PII), IP cyber theft has largely remained in the shadows. That’s a conclusion that surfaced in an article by Deloitte, entitled The hidden costs of an IP breach.
According to Deloitte, most corporate cybercrimes receive little attention, perhaps because the impact on the public is less visible, and considering the potential brand and reputational damage, companies have little incentive to report or publicize such incidents. Unlike PII breaches, IP theft has ramifications that are more difficult to quantify: fewer upfront, direct costs but potential impacts that might fester unnoticed in the background over months and years. Beyond financial loss, IP theft could result in loss of competitive market advantage or even entire lines of business to competitors or counterfeiters, or worse.
In the past, IP theft was typically perpetrated by inside thieves who gained unauthorized access to documents, computers, prototypes, and other physical things that might be considered or contain proprietary trade secrets. In the digital world, however, IP thieves can operate from anywhere via the Internet, dramatically enlarging the attack surface and numbers of malicious actors – current or former employees, competitors, criminal and recreational hackers, and even foreign saboteurs. According to the report, of most value to digital criminals are trade secrets and proprietary business information that can be monetized quickly. Trade secrets can include drug trial data, a paint formula, a manufacturing process, or a 3D print design; proprietary business information might include a geological survey of shale oil deposits, merger plans, or information about business negotiations and strategies. Copyrighted data, such as software code for data analytics, is also now a popular target. With such a broad scope of information of interest to would-be thieves, IP theft is an issue across nearly every industry and market sector.
What is the true cost of an IP breach, and how can it be calculated when many of those costs are “hidden” or indirect and therefore difficult to identify and quantify? Deloitte points out that those costs can include not only well-understood cyber incident costs – such as expenses associated with regulatory compliance, public relations, attorneys’ fees, and cybersecurity improvements – but also less visible and often intangible costs that stretch out over months or even years, including the devaluation of a trade name, revoked contracts, and lost future opportunities.
As challenging as it may be for executives to assess these longer-term and indirect costs, identifying and quantifying the full gamut of potential IP losses is essential to a company’s ability to prioritize its cyber defense efforts. In the report, Deloitte asserted the importance of developing well-defined cyber risk models that align with the specific nature of the given business. Those models can be broken into 3 specific phases:
- Incident triage – in the immediate days or weeks following the discovery of the attack, the company analyzes the extent of the breach, plugs any evident gaps in security, implements emergency business continuity measures, and responds to legal and public relations needs.
- Impact management – the company takes reactive steps to reduce and address the direct consequence of the incident, including the activities required to repair relationships, IT infrastructure, or growing legal challenges.
- Business recovery – in the subsequent months and years, the company proactively repairs damage to the business, aims to counter measures by competitors looking to profit from stolen information, and shores up its cyber defenses with a focus on longer-term plans.
The report provides many more models and details on how companies can assess the true costs of an IP breach and offers advice on how they can beef up their cybersecurity defenses to protect against such breaches.
When it comes to IP protection, our major concern here at Wibu-Systems is the protection of the IP that resides in our customers’ proprietary software and digital assets, which are typically the lifeblood of their companies and representative of countless man-years of development. Today, software is a key technology enabler for almost every industry – from healthcare, medical devices, and life sciences to financial, automotive, and multimedia. Software is also a key attack point for theft, counterfeiting, and reverse engineering. In the industrial world, software is driving the PLCs, sensors, and connected embedded systems behind the Industrial Internet of Things. And here again, software must be protected against those who would attack the integrity of these connected systems for malicious and harmful purposes.
You can read how our customers are protecting their IP with our CodeMeter licensing and security technologies in case studies across many industries.