Michael D. Moberly October 21, 2014 ‘A long form blog where attention span really matters.’
In most instances, there are numerous preludes to the materialization of reputation risk…
I am hard pressed to recall any company or organization I have engaged on intangible asset matters in recent years, irrespective of industry sector, that most anyone with a modicum of familiarity with ‘reputation risk’ could not have identified at least one probable and substantial (reputation) risk waiting to materialize. Naysayers, for which there are many, often argue that risk in general, and reputation risk in particular are inherent facets of doing business in highly competitive and predatorial global environments.
But, seldom, in my view, do reputation risks inexplicably materialize absent the presence of certain’ risk preludes’ or prerequisites, many of which are recognizable in advance, but dismissed, neglected, or arrogantly characterized as merely being drivers of a competitive company’s culture.
A significant percentage of reputation risks erupt when (a.) certain ‘reputation undermining’ acts, behaviors, events, decisions, or culture are tolerated or encouraged and interact with a company’s operations, its transactions, or strategic planning, or (b.) management teams are unfamiliar with the development of intangible assets of which reputation is one.
The speed and trajectory of reputation risks…
The speed which adverse events, acts, and behaviors can coalesce to become legitimate reputation risks remain somewhat speculative in as much as they are variously dependent on (a.) the time frame in which a materialized risk becomes public knowledge, (b.) the adverse economic and competitive advantage affects the risks are producing, and (c.) whether the risk finds a receptive and pre-disposed audience where the risk resonates and achieves the requisite traction which prompts its escalation. This is particularly relevant when a risk manifests in consumer – user death, injury, or adverse health.
Similarly, the trajectory which a particular (reputation) risk may take is seldom more than a ‘best guesstimate’. In other words, the trajectory of a reputation risk is similarly dependent on numerous variables and factors coalescing in a global business climate in which risk in general are become more asymmetric , multi-faceted, and complex insofar as mitigation or internal absorption is concerned.
It is true that some forms of reputation risk intensify quite independently, irrespective of risk prevention, mitigation, and management initiatives. Unfortunately, there is no shortage of company c-suites who naïvely assume that the speed which some reputation risks materialize and the trajectory those risks may take is longer and more predictable than what it ultimately is.
Management teams and decision makers would be well advised to recognize there are few, if any, term (time) limits in which some types of reputation risk can materialize and produce costly and quasi-permanent damage, just ask General Motors.
Reputation risks’ rear view mirror perspective…
Engaging in a quick scan of public domain articles published in business and academic journals, blogs, government agency oversight reports, and other open source media, one quickly sees there is no shortage of media that are purposed to draw attention to the adverse affects associated with materialized reputation risks, albeit with the benefit of a rear view mirror context.
As readers know, identifying potential – probable reputation risks is not, standing alone, a particularly challenging task. But, merely identifying a potential risk seldom includes the necessary analysis and assessment of a company’s desire or ability to distinguish the myriad of acts, behaviors, verbal miscues, or process oversights, etc., which…
- can achieve the requisite traction, external appeal, and media attention to become full blown reputation risks, and
- produce rapid, near and long term adverse effects to the victim company’s economics, competitive advantages, image, goodwill, and of course, reputation.
Similarly, I find there is no particular challenge to engage in a ‘bomb damage assessment’ or reverse investigation in order to reveal reputation risk consequences. What’s necessary is to recognize and understand the points of origin and rationales why a reputation risk materialized in the first place and why it intensified.
Michael D. Moberly October 17. 2014 ‘A blog where attention span really matters’!
Business reputation risk emerging as a specialized security discipline…
Mitigating business reputation risk is evolving into a specialized discipline and presumably one that will eventually produce some obligatory (dedicated) education and certification not unlike what is already associated with other disciplines with standalone specializations. For example, in the security and asset protection field, the American Society for Industrial Security International has differentiated its membership interests and expertise through 29 Councils, each reflecting a particular facet of security, loss prevention, and asset protection to the private, public, and government sectors.
With respect to mitigating company reputation risk, I suspect, in the not too distant future, ASIS International will recognize the relevance and distinctive contributions made by reputation risk specialists and accordingly adopt another Council.
Public relations argue reputation risk rooted there…
There are countless public relations firms and solo PR practitioners who characterize mitigation and management of reputation risk as having roots in their profession and thus should be and frequently tweak there services accordingly to convey their profession as the presumptive lead, insofar as being the logical first choice resource and service which companies experiencing materialized reputation risks should turn to for mounting a response, and monitoring, mitigating, and managing such risks.
Rising percentages of security practitioners engaged in reputation risk issues…
Interesting, in as much as I am an intangible asset strategist and risk specialist, I find, anecdotally, admissions of rising percentages of security, loss prevention, and asset protection practitioners time being devoted to addressing risks related to a companies’ intangible assets which reputation, brand, image and goodwill are certainly integral components.
A recent example of security’s rising interest in and obvious mandate to learn more and engage company reputation risk was evidenced by the first full presentation devoted exclusively to reputation risk being accepted for delivery at ASIS Internationals’ 2014 (September 28 – October 1) Annual Seminar & Exhibits. The speakers for this presentation were myself, Dr. Nir Kossovsky, and Kevin Peterson with the session attracting 100+ attendees.
Security professionals are frequently horizontal lookers and thinkers…
Often, I find security, loss prevention, and asset protection practitioners possess a distinguishing attribute, that being horizonal looking and thinking. In other words, they are inclined to foresee and devise on strategies to deter, mitigate, if not prevent, new and anticipated risks and threats before they materialize and adversely affect their employer or clients’ assets. More specifically, security professionals are acquiring a stronger appreciation for the economic fact that 80+% of most companies value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – evolve directly from intangible assets, which again, company reputation is one!
Another favorable product to security’s elevated operational familiarity with intangible assets sector – discipline specific experience with intangibles is that their ‘horizontal attributes’ render them both inclined and able to identify and unravel niches of overlooked – unmet business risks, and challenges which warrant resolution, ala risk to a company’s reputation.
Too, security administrators are well positioned to draw attention to such unrecognized or dismissed risks by characterizing them in probable, costly, and often irrevocable impact contexts.
As always, reader comments are most welcome!
Michael D. Moberly October 8, 2014 ‘A long form blog where attention span really matters’.
CENTRA Technologies 2010 study, ‘Estimating the Economic Costs of Espionage’ close to perfection…
In an excellent, but somewhat overlooked, report published in May, 2010 and prepared for CENTRA Technology by the George Bush School of Government and Public Service at Texas A&M University, ‘researchers constructed a model initially designed for use by the government sector, but which, I find, has relevance to the private sector because it measures economic espionage losses by industry sector.
More specifically, the model identifies and distinguishes the severity and consequences of economic – cyber espionage incidents to the U.S. economy. The ‘CENTRA’ model which Texas A&M researchers constructed…
applies a (loss) ‘severity score’ between 0 and 1, and include open source (case study, incident) information so as to provide a qualitative estimate of the economic “consequences”.
- moderate, and/or
- high adverse (economic) consequences – losses, relative to
- the victim company’s industry sector, and thus factors two sets of variables, i.e.,
- Industry variables, i.e., assess the significance of where the incident of economic espionage occurred.
- the victim company’s industry sector, and thus factors two sets of variables, i.e.,
Note: Industry is derived from a combination of the percentage of GDP for each of the 14 industry sectors and the susceptibility/vulnerability of each sector. This process enables the CENTRA model to be individualized to a specific industry and recognizing potentially different consequences to the U.S. economy.
- Case variables i.e., assess the significance of economic espionage incidents on the basis of…
- characteristics of the theft (incident) itself.
- costs directly attributable to the incident (loss) and
- who the beneficiaries to the incident actually are.
- Seldom are two incidents of economic espionage identical. To address this, Texas A&M researchers, developed a system for weighing the variables and questions further analysis that such ‘weights’ prompt.
- So, the Texas A&M model requires practitioners to…
- first, identify the industry sector in which the incident occurred, and
- second, identify (individual, specific) ‘case – incident variables’.Ultimately, with all the variables measured, standardized, and weighted against each other, the CENTRA model calculates an overall severity score, which corresponds to individualized (company specific) consequence to incidents of cyber-economic espionage.
This post was inspired by a George Bush School of Government and Public Service, Texas A&M University research project titled “Estimating the Economic Costs of Espionage”. The reports was prepared for CENTRA Technology by the the Capstone research team comprised of Rich Bell, J. Ethan Bennett, Jillian R. Boles, David M. Goodoien, Jeff W. Irving, Philip B. Kuhlman, and Amanda K. White.
As always, reader comments are most welcome.
Michael D. Moberly October 7, 2014 ‘A long form blog where attention span really matters’.
In 2013, CSIS (Center for Strategic and International Studies) and McAfee partnered to examine cyber – economic espionage impact in a manner more inclusive than what I have previously observed over the past 25+ years. Dr. James Lewis, Senior Fellow and Director of CSIS’ Center for Technology and Public Policy Program, who directed the study, offered his best guess that ‘the upper limit of the costs-losses attributed to cyber – economic espionage might be under one percent of the GDP’ (gross domestic product). Lewis also states, and I paraphrase, ‘U.S. economic costs-losses to cybercrime and economic espionage attributed specifically to – originating in China, may reach as much as $140 billion annually’.
Lewis translates the $140 billion annual IP loss to 508,000 jobs…
While I have no basis to dispute those figures, or question Dr. Lewis’ experienced and respected record of achievements in the cyber crime – economic espionage arena, I do suggest there are two key factors necessary to arrive at the $140 billion annual loss figure, i.e.,
- determining which assets and/or impacts to include (factor) and
- the methodology for determining the lost assets’ near and long term value in terms of costs and losses companies will experience with respect to such things as market space, competitive advantages, profitability, sustainability, etc.
But, Lewis claims, and I agree, describing value loss – impact estimates with broad ranges is indicative of the difficulty in calculating losses. Accordingly, companies may be reluctant to reveal (their) victimization impacts, i.e., victim companies may be inclined to (a.) conceal particular portions of their losses, or, (b.) not know how to distinguish which/what intangible assets were targeted, stolen, comprised, or misappropriated. But, Lewis wisely, casts wide ranging estimates of losses attributed to cyber – economic espionage in other contexts, starting with World Bank reports which state global GDP stood at about $70 trillion for the year 2011. Thus, a $400 billion loss representing the high end range of probable losses attributed to cyber crime and cyber espionage is a fraction of a percent of the global GDP figure. This, Lewis says, prompts additional questions, several of which I have been examining for many years, e.g. who are recipients and/or ultimate beneficiaries of the acquired (intangible) assets; can they expect to – be positioned to maximize those benefits, e.g., market (space) position, sector competitive advantages, reputation, value, sources of revenue, profitability, etc.
Conventional loss surveys assess – assign dollar value to losses… Some IP and intangible asset theft – loss estimates rely on surveys, which Lewis correctly points out, generally produce imprecise findings because among other things respondents, are inclined to “self-select” which can become a source of distortion to the findings. Lewis suggests loss estimates should be based on “scale and effect” which ‘will likely produce quite different and possibly more objective and accurate results in terms of adverse impacts and loss values’.
CSIS – McAfee Assessment model… Lewis’ intent was to bring greater clarity and validity to the loss figures being reported, so data from ‘car crashes’, ‘retail pilferage/shrinkage’, ‘crime stats’, and ‘drug usage’ were examined for their relevance and comparison as methodologies to draw upon insofar devising CSIS’ assessment (valuation) model. By incorporating these analogies into the design of their loss valuation assessment model, Lewis, and McAfee were suggesting it’s problematic to rely on conventional (existing) survey methodologies to calculate dollar value for losses, because, among other things…
- companies that (publicly) reveal their losses are frequently unfamiliar with distinguishing the actual (proprietary, IP, intangible) assets which were stolen, compromised, or infringed, thus more guesstimates.
- intellectual property – intangible asset losses are difficult to quantify because relevant dependant variables are often absent from the equation, and, often
- the self-selection process associated with most conventional survey methodologies, frequently produces distortion in the findings.
CSIS model includes components – classifications of malicious cyber activity and economic espionage…
This, Lewis gleans, by asking ‘what should be included and counted insofar as arriving at more precise loss estimates’, i.e., there…
- was a loss of intangible assets, i.e., intellectual property, sensitive business confidential/- proprietary information.
- was an actual crime committed, i.e., a violation of federal law.
- were opportunity costs, i.e., business and/or service disruptions that adversely effected consumer/customer expectations, particularly those related to the victimized company’s online activities.
- would be additional costs incurred relative to…
- re-securing their IT networks.
- achieving greater company resilience insofar as to recovering from future cyber – economic espionage attacks, and
- developing/executing business continuity plans designed to provide more rapid and fuller recovery when future attacks occur.
- were damages to company reputations which tend to have a longer period for recovery, and lastly,
- were costs to re-establish and re-secure company supply chain networks.
What’s the harm…?
If Lewis is correct in inferring there have, inadvertently, become “tolerated costs” and/or ‘ceilings’ for estimating losses.
So, a different perspective; is economic-cyber espionage the greatest transfer of wealth in history, or merely a rounding error in countries’ GDP…?
This, of course represents a perspective intended to elevate the significance and acknowledge the adverse impact of cybercrime-economic espionage, while the former represents a perspective intended to diminish the ‘sticker shock’ of the adverse economic impacts by characterizing them as percentages of national GDP’s.
As always reader comments are most welcome.
Michael D. Moberly October 6, 2014 ‘A long form blog where attention span really matters.’
Stolen, misappropriated IP and other intangible assets…
When values are calculated and assigned to stolen, misappropriated, and/or otherwise compromised intangible assets, i.e., intellectual and structural capital particularly, they may be (a.) quite subjective, (b.) merely regurgitated guesstimates, and/or (c.) embedded with inadvertent biases or political agendas and other variables that inevitably influence high or low valuations.
For example, it’s quite common to witness pundits and open source media to merely regurgitate high dollar losses (impacts) attributed to cyber – economic espionage, ranging between $100 to $500+ billion annually to the U.S. alone.
The worlds’ second oldest profession…
It’s important to recognize that an, as yet unknown percentage of malicious cyber activity, evolves into economic espionage.
There remain a percentage of policymakers, company c-suites, and management teams who find it to be an especially challenging ‘to get their arms and heads around’ insofar as articulating, with strategic clarity, precisely why cyber – information asset protection security and economic espionage prevention/mitigation initiatives are essential from the outset to any business initiative.
Objective calculation of losses and costs to materialized risks…
Calculating and assigning a dollar value to losses and costs associated with cyber crimes, particularly those which culminate in economic espionage, may appear, at first blush, to be relatively straightforward tasks. But, to be sure, there is much more to calculating and assigning dollar values to costs – losses than acquiescing to mere guesstimates.
Factors that influence companies to go public with their victimization…
Going public, represents, among other things, a companies’ admission of being victimized followed by a guesstimated admission of the extent – value of the losses attributed to the adverse acts, which, are often initially framed in passionate and angry descriptions how the acts and losses will impact the victims’ company..
Victim anger and passion aside, we know it is challenging to determine, let alone isolate and accurately assess asset losses rapidly. In many instances, that’s because, the losses are not limited solely to stolen or undermined intellectual property or capital, i.e., trade secrets, and proprietary information, etc. Instead, the full extent of a targeted companies’ losses are frequently more strategic and include equally valuable structural and relationship capital and thus may not be immediately measurable or fully realized and calculated until well after the fact.
Again, assigning specific price tags to companies’ cyber – economic espionage losses is a challenging undertaking, because the processes are often embedded with subjective assessments that do not reflect a comprehensive accounting of the ‘contributory value’ of various assets which serve as foundations to an infringed patent. For example, it’s not especially prudent then to assume the findings of the various surveys and studies produced over the years are the result of using objective data and calculations free from the influence of larger political, social, and national security agendas.
Since the passage of the Economic Espionage Act (EEA) in October, 1996, there has been no shortage of surveys and studies produced whose focus has largely been to ‘dramatize’ the costs, losses, and adverse impacts attributed to cybercrime and economic espionage.
Having read and studied most, if not each of these studies/surveys over the past 25+ years, I interpret many of the methodologies and findings to be somewhat competitive in the sense that each appears to be conceptually broader in the ranges of dollar losses and adverse economic impacts and characterized in more dramatic fashion.
Calculating losses attributed to economic espionage require objectively framed equations…
For many years there has been a general inclination to accept, perhaps naively, after-the-fact prognosticative research regarding the valuation of losses attributed to cyber – economic espionage.
My counsel on that matter is that any formula or conventional intangible asset valuation methodology used to calculate the loss and/or compromise of intellectual properties should differentiate the assets which have been stolen and/or compromised by category, i.e., intellectual, structural, and relationship capital.
As always, reader comments are most welcome!
Michael D. Moberly September 24, 2014 ‘A blog where attention span really matters’!
Reputation risk management is not rocket science…
Company reputation risk represents a phenomenon which I believe most would agree, seldom needs to rise to the level of ‘rocket science’! Instead, reputation risk prevention, mitigation, and management require, among other things, consistency in…
- in product-service design, content, production, and delivery.
- processes for monitoring and responding to consumer-stakeholder likes-dislikes, i.e., opinions and criticisms without conveying sense of superiority, condescension, or indifference.
- anticipating origins and motives for reputation risks to materialize.
In most instances I believe, if a company’s reputation risk antenna are raised, and its radar is functioning effectively and both pointed toward customers, consumers, stakeholders, and horizontal risks, management teams can become aware of and assess various risks before or as they emerge, in other words at the earliest stages of (reputation risk) materialization.
One need not look far today…
One need not look far to observe the costly and often times irreversible remnants of fully materialized reputation risks that have gone unabated and enveloped companies, unfortunately, but frequently owing to various combinations of sight – hearing challenged management teams and occasional self-deluded wishful thinking combined with optically arrogant produced initiatives believed would improve and/or mitigate the circumstances.
Awkward and disingenuous…
Unfortunately, in numerous instances, and quite needlessly, when company reputation risks emerge, then materialize, the initial response appears awkward and disingenuous and must be ‘walked backed’ which collectively conveys to constituents whom the appeals are directed, a sense of unpreparedness, ineptness, and/or poor or non-existent counsel.
Again, when this occurs, company management teams have engaged in a substantial disservice to their cause, particularly if they assume thestakeholders, consumers, customers, and the multiple media and social media platforms whom they are endeavoring to message, are incapable of independent interpretation and assessment of a spokesperson’s artfully nuanced reputation risk mitigation language.
Did they really say that…?
With respect to the numerous (company) reputation risk events that have emerged in recent weeks and months, many have prompted me to ask…
- did she really just say that?
- didn’t she allow a trusted advisor to review her media language for alternative interpretations before rushing to a podium?
- how could she and her management team not have foreseen that when ‘x’ events, acts, and/or behaviors occur, it often produces fertile ground for risks to emerge that will simultaneously produce adverse affects to reputation, image, brand, etc.
Reputation risk Watergate style…
If a company spokesperson’s initial response to a materialized reputation risk suggests the event act, or behavior which precipitated the present risk is the first, I am inclined to be suspect of that management teams’ reputation risk monitoring obligation. So, in many respects, it appears that reputation risk inquiries have often boiled down to three of the more memorable questions posed to witnesses during the U.S. Senate’s ‘Watergate’ hearings held in 1973, that is
- what did you know?
- when did you know it?, and
- what did you do about it once you knew it?
Granted, with few obvious exceptions, materialized reputation risks to companies seldom draw the ire of Congress to the point of holding a hearing and subpoenaing c-suites to testify and account.
Company leadership proficiencies…
Company leadership and their designee’s are obliged now to be proficient insofar as anticipating, monitoring, and responding to reputation risks. One, among numerous reasons is that for company management teams which have had the wisdom, foresight, and good fortune to have ‘banked’ portions of constituent trust and goodwill and allow it to accumulate, all-the-while recognizing that their ‘bank balance’ can rapidly be depleted when substantial reputation risks emerge and the company’s responses to the ‘Watergate style’ questions described above prove disappointing, e.g., leadership ‘first responders’ convey…
- indifference and awkwardness with respect to possessing the professional demeanor and fortitude to effectively and favorably articulate the situation and direct the company to favorable reputational normalcy.
- ignorance as to the speed which reputation risks can emerge, materialize, and escalate only to claim insufficient time to conduct an investigation and respond accurately to the inevitable questions.
At minimum, the above, are preludes to commencing the costly and lengthy road to restore even partial recovery and replenish a company’s bank balance of trust, goodwill, and expectations!
C-suites should expect…
When substantial reputation risks strike a company its prudent for c-suites to expect consumers, stakeholders, the mainstream and social media respectively, to press for straight talk and transparency because each affected constituent group has become quite adept at dissecting and assessing a spokesperson’s authenticity and the validity of their responses, i.e., admissions of initial bungling, promises of future corrective action, and ‘throwing the most notorious violators farther and farther under the bus’.
Company reputations’ unraveling before our eyes…
Unfortunately, it has become far to routine to witness companies’ demise, i.e., their reputation unraveling before our eyes. And, we seldom have to wait very long to witness the next victim of usually a self-inflicted reputation risk wound. Also, many company management teams now understand the origins and costly remnants of materialized reputation risks, particularly those which have been shabbily handled through a combination of…
- naiveté or wishful thinking
- optically arrogant or indifferent statements.
In many respects, it appears for some company leaders, their initial action or inaction to a materialized reputation risk may ignite an already smoldering set of circumstances along with a pessimistically receptive constituent culture.
As always, reader comments are welcome.
Michael D. Moberly September 8, 2014 A long form blog where attention span really matters!
In this increasingly intertwined economic, political, and business global environment, we should come to recognize that neither citizens nor governments’ experience much, if any, strategic effectiveness/benefits by engaging in policies, military or diplomatic, which are understandably preceded with a “degrade and destroy” message. In other words, the ‘isms’ of terrorism, are treated as if they are tangible or physical assets, rather than intangible (non-physical) assets, and hence, once destroyed, contained, or substantially degraded, become irreplaceable or irreproducible in their previous form.
Yes, the terrorists themselves along with a large percentage of the acts they engage are very physical and tangible entities and absolutely despicable acts as are the horrifying and animalistic brutalities some participate. But, in large part their motivations and the associated ‘isms’ are strewn with and embedded, in an especially perverse sort of way, with intangibles, i.e., intellectual, structural, and relationship capital.
That is, the ‘isms’ embedded in much of the terrorists’ acts which we have seen and read about, particularly in recent weeks, regarding ISIL, are comprised of conglomerations of highly dogmatic manifestations in thinking, processes, and relationships. What’s more, these manifestations of intangibles have morphed into magnets in which single-minded ruthlessness has morphed into an inexplicably attractive recruiting mechanism.
That is not to suggest governments and all of their respective defense might are incapable of mitigating or defending against the ‘isms’ of global terror. But, if one examines and responds to terrorism through an intangible vs. tangible asset lens, perhaps the range of potential methodologies and options would look differently and the outcomes more desirable. A plausible possibility, right?
Respectfully, and most understandably, conventional anti-terrorism initiatives, while they may prompt immediate feel good responses in as much as they may ‘cut off the head of the snake’ as conveyed by General Colin Powell, former Chair, Joint Chiefs of Staff, Gulf War I. It’s quite clear, such tactics alone, seldom, if ever, produce the desired strategic change deeply embedded in hundreds of years of sect mistrust, war, and terrorism. Again, the ‘isms’ have become highly personalized often through individualized receptivity to radicalization in which intellectual, structural, and relationship capital (intangible assets) serve as underliers to the ‘isms’ of terror, which unfortunately often remain simplistically characterized as ‘winning the hearts and minds’ of an adversary.
Radicalization manifest as one transforms, re-purposes, and seeks congruence to their newly adopted intellectual, structural, and relationship capital, through alignment and/or participation in a terrorist organization.
Admittedly, I am an intangible asset strategist and risk specialist and direct my experience in intellectual, structural and relationship capital matters to serving the (private) business sector. I was also an airborne infantryman assigned to the 173d Airborne Brigade in Bin Dinh Province of South Viet Nam in 1969 in which there where both highly tangible military and intangible humanitarian tactics applied. The outcome…
As always, readers comments are most welcome.
Michael D. Moberly August 20, 2014 ‘A long form blog where attention span really matters’!
The globally irreversible economic shift away from tangible (physical) asset business dominance to intangible (non-physical) asset business dominance has paved the way for law firms to offer differentiating, relevant, and client specific services related to the management, stewardship, and oversight of their intangible assets. To believe otherwise would certainly constitute an irreparable misreading of the global economic and competitive advantage tea leaves.
This post provides compelling and viable rationales why boutique intellectual property and full service law firms will find it prudent, lucrative, and produce strategically durable competitive advantages and differentiators by delivering intangible asset specific services in business clients.
Why law firms should take note…
One reason emanates from Stone v Ritter (911 A.2d 362 (Del. 2006) which would obligate company leadership, akin to a fiduciary responsibility, to achieve sufficient operational familiarity with their intangible assets to provide consistent and effective asset stewardship, oversight, and management. More specifically, keep boards and significant stakeholders apprised of the status of key, revenue producing intangible assets.
Through my lens, Stone v. Ritter legitimizes opportunities for law firms, so inclined and inspired, to acquire the relevant skill sets to enable articulation and delivery of a variety of intangible asset services to today’s more enlightened and receptive business clients regardless of sector, size, or location. The skill sets will accrue as firm differentiators and competitive advantages to help mitigate stagnating revenues.
Comprehensive intangible asset services…
Collectively, the global universality of intangibles’ and business client’s increasing recognition they are valuable contributors – underliers to company profitability and sustainability, constitutes valid rationales and positioning for motivated law firms to respectfully engage both existing and prospective clients with proposals for intangible asset services. The addition of these services produce realistic potential for a law firm to become the initial and exclusive provider of a range of long-lasting intangible asset related legal services because intangible assets are always in play, and thus relevant components to every business client’s operations, initiatives, and/or transactions they routinely engage.
In a global business environment in which 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability evolve directly from intangible assets, it’s no particular secret that conventional financial statements and balance sheets, wherein intangibles largely go unreported, under-valued, and otherwise, unaccounted for, do not provide a complete picture of a company’s soundness, its value, or its strategic and competitive advantage health and potential.
It’s an undisputed and irreversible economic fact today that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability today either lie in or directly evolve from 15+ distinct categories of intangible assets ranging from intellectual, structural, and relationship capital, to reputation, brand, R&D, contracts, and hybrid (proprietary) technologies, etc.
Also emanating from this economic fact is the reality that business clients will, with increasing frequency, become fiduciarily obligated to seek legal advisory services variously related to the stewardship, oversight, management, commercialization, and safeguarding of the array of nuanced and company centric intangible assets they produce internally or acquire externally.
Original horizonal thinking and planning…
Law firm strategic planning is no longer a managerial luxury rather it has become a necessity for assuring firm sustainability, profitability, and brand. Collectively, the new realities associated with intangible asset business dominance, warrant levels of thinking and planning that permit horizontal sighted law firms and attorneys the latitude to secure the necessary skill sets to accommodate the expanding range of legal service opportunities emanating from the permanent role of intangible assets in today’s increasingly complex and globally intertwined business incubation, development, growth, and transaction environments.
Intangible asset intensive companies growing globally…
There is no other time in business governance – management history when steadily rising percentages of company value, sources of revenue, and growth potential originate, almost exclusively, from intangible assets.
The contributory value which unique and frequently company/operation centric (proprietary) intangible assets make to company’s value, revenue, competitiveness, brand, and market position, etc., are all too often, under-appreciated, undervalued, un-protected and ultimately their value becomes diluted or melds into open sources to be used by competitors..
Intangible assets are no longer mere tools to manage tangible (physical) assets. Instead, intangibles’ are frequently stand alone commodities that can be developed, positioned, and utilized to produce revenue, enhance competitive advantages, and add value to a company.
But, intellectual property and other forms of (proprietary) intangible assets, particularly intellectual, structural, and relationship capital, can advance a company economically and competitively, only so long as their control, use, ownership, value, and materiality are monitored and sustained.
However, the time frame when company’s can realize the most value from their intangible assets lies in their respective contributory value and functionality (life) cycles both of which are being compressed today, due in no small part to (a.) lower barriers to market, supply, and distribution chain entry by competitors, and (b.) rapid profits accruing to globally predatorial product/service piracy and counterfeiting operations that consistently pollute and de-value legitimate asset supply chains.
Forward looking prudence…
Staying out front of law firms’ go fast, go hard, go global business clientele is best achieved by developing and articulating proprietary and client specific intangible asset services that will accommodate the inevitable and irreversible needs and demands of current and future clients.
Adding intangible asset services to law firms’ repertoire will be disruptive…
For some attorneys and firms, delivering services specific to intangible assets will be misinterpreted as operationally disruptive to time honored conventions for delivering client services and therefore, dismissed. Respectfully, I do not believe such machinations are or should be relevant in the increasingly aggressive, predatorial, and winner-take-all professional services sector which we are in the midst.
Admittedly, not every firm’s business clients have achieved full operational familiarity with their intangible assets to articulate, with specificity, what legal services they need now and will need in the future. Through my lens, that’s a strong rationale why law firms should be tactically and strategically prepared now as the need and demand for such services rises, which it is sure to do.
Law firm re-boot, tactical and strategic speed…
Again, through my lens, what’s being proposed here is not exclusively an if or when, proposition. Rather it represents a rationale why law firms should consider re-booting themselves to inexpensively and rapidly acquire the capacity to achieve a level of professional comfort and expertise to engage clients’ about identifying, unraveling, distinguishing, exploiting, safeguarding, and monitoring the value, materiality, and risk to their intangible assets.
More specifically, while many law firms’ tactical speed, i.e., the efficiencies related to delivering client services, etc., remain important, continuing to be dismissive about firm’s strategic speed, i.e., developing proactive client services that directly reflect globally universal changes in economics is critical to firms’ sustainability. In other words, law firm strategic planning should be designed and executed so as to ‘avoid continuing to skate where the puck was, rather skate to where the puck is now and will be in the future’!
My counsel to law firms is to engage in strategic planning that includes a strong and collaborative vision that encompasses a firms’:
- organizational structure in terms of how its various practice areas and expertise can be collaboratively aligned to better address business clients’ intangible asset (service) needs, and
- become more accommodating to the inevitable and collective (global) universalities which the dominance of intangible assets produce.
In other words, attorneys’ and their respective practice areas are now obliged to consider how they may achieve a collaboratively lucrative solution insofar as providing intangible asset services. In other words, help structure the firms’ future to meet its future!
As always, reader comments are most welcome.
Michael D. Moberly August 17, 2014 ‘A long form blog where attention span really matters’!
A collaborative partnership… In 2013, CSIS (Center for Security and Internal Studies) and McAfee partnered to examine cyber – economic espionage impact in a manner more inclusive than what I have previously observed over the past 25+ years. Spoiler alert; Dr. James Lewis, Senior Fellow and Director of CSIS’ Center for Technology and Public Policy Program offered his best guess that ‘the upper limit (of the costs-losses attributed to cyber – economic espionage) might be somewhere under one percent of the GDP’ (gross domestic product). Lewis also states, and I paraphrase, ‘U.S. economic costs-losses to cybercrime and economic espionage attributed specifically to – originating in China, may reach as much as $140 billion annually’.
$140 billion annually, 508,000 jobs…
While I have no basis to dispute those figure, or question Dr. Lewis’ experienced and respected record of achievements in the cyber crime – economic espionage arena, I do suggest there may be some predictable factors insofar as arriving at the $140 billion annual loss figure especially. One of which lies in determining which assets and/or impacts to include and the methodology for determining their near term and long term value in terms of costs and losses companies will experience with respect to market space, competitive advantages, sustainability, etc. Routinely, asset loss – impact valuations attributed to cyber-economic espionage, irrespective of their accuracy or objectivity, produce dollar values characterized in broad ranges on the plus – minus side. Lewis claims, and I agree, describing value loss – impact estimates with such broad range estimates is reflective of multiple difficulties, among them being, as readers know, numerous companies may…
- be reluctant to reveal or inclined to conceal their losses,
- not know precisely which/what assets were targeted, stolen, comprised, or misappropriated.
Intellectual property (and other forms of intangible assets) are challenging to value with consistency and objectivity. So, when values are calculated and assigned to stolen, misappropriated, and/or otherwise compromised intangible assets, i.e., intellectual and structural capital particularly, those figures, in my judgment, may be somewhat subjective and/or embedded with a particular bias or even agenda that in turn may influence high or low valuations.
For example, it’s relatively common to see open source media and their ‘talking heads’ to merely regurgitate extraordinarily high dollar volume losses (impacts) to the U.S. economy, attributed to cyber – economic espionage, ranging between $100 and $500+ billion annually.
But, Lewis wisely, yet provocatively, casts such wide ranging estimates of losses attributed to cyber – economic espionage in other contexts, starting with World Bank reports which state global GDP stood at about $70 trillion for the year 2011. Thus, a $400 billion loss representing the high end range of probable losses caused by cyber crime and cyber espionage is a fraction of a percent of that global GDP figure. This, Lewis says, prompts additional questions, something which I have examined for many years, e.g. can the recipients and/or ultimate beneficiary of the targeted-acquired intangible assets expect to maximize their benefit and use? A second question focuses on the damage to victim companies relative to the cumulative effect of cybercrime and cyber espionage, i.e., market space position, sector competitive advantages, reputation risk, etc.
Having thoroughly studied many, what I respectfully refer to as ‘guesstimated’ economic espionage and stolen/infringed intellectual property (IP) reports over the course of 20+ years, I genuinely believe Dr. Lewis’ findings to be as flawless, encompassing, and accurate as can be reasonably expected in the multi-faceted and ambiguous arena from which to acquire reliable and replicable data points. For example, quite interestingly, the CSIS – McAfee report translates these asset loss estimates as representing perhaps as many as 508,000 U.S. jobs.
Conventional surveys to assess – assign dollar value to losses…
Some IP and intangible asset theft – loss estimates rely on surveys, which Lewis quite correctly points out, generally provide imprecise values, unless the survey itself has been carefully constructed and managed. Too, a common challenge, insofar achieving credence to cyber-security-espionage survey findings, Dr. Lewis also points out, is that (survey) respondents are inclined to “self-select”. When this occurs, it introduces a potential source of distortion to the results. So, being mindful of these and other data collection challenges to this already sensitive topic for companies, Lewis suggests loss estimates be based on assumptions about scale and effect. Changing those assumptions, Lewis argues, will likely deliver quite different results in terms of loss values.
CSIS – McAfee Assessment model…
As a demonstration of Lewis’ intent to be as objective and encompassing as possible insofar as valuing losses attributed cyber and economic espionage, CSIS secured the expertise of prominent economists, intellectual property experts, security researchers, and even incorporated, what could appear at first blush irrelevant analogies to bring clarity to the figures they were reporting, e.g., comparative statistics for car crashes, product piracy, pilferage, crime stats, and drug usage which collectively were integrated, for comparison purposes, to serve as frameworks to draw upon in devising their assessment (valuation) model. By incorporating these analogies in the design of their assessment model, Dr. Lewis, CSIS, and McAfee were essentially suggesting, should my interpretation be correct, it’s problematic to rely exclusively on conventional methodologies, particularly time honored surveys, to identify dollar values to losses attributed to cyber-economic because…
- companies that (publicly) reveal losses attributed to cyber – economic espionage are frequently unable to distinguish, with the necessary precision, the actual (proprietary, IP, intangible) assets which were stolen, compromised, or infringed.
- intellectual property – intangible asset losses are admittedly difficult to quantify with consensus, and when they are, the assessment – valuation is likely to reflect subjective guesstimates absent factoring numerous dependant variables which are invariably in play.
- the self-selection process associated with most conventional (time honored) survey methodologies, frequently produce some distortion to the findings.
CSIS model includes six classifications of cyber – economic espionage…
Insofar as actually commencing this much needed project, CSIS classified malicious cyber – economic espionage activities into six areas, i.e., wherein there…
- was a loss of intellectual property occurred.
- was an actual crime committed, i.e., a violation of federal law.
- was a loss of sensitive – proprietary business information.
- were opportunity costs involved, including business and/or service disruptions that adversely effected consumer/customer expectations and trust particularly those related to the victim company’s online activities.
- would be additional costs incurred by the victim company relative to securing their IT networks and incorporate greater resilience measures to provide quicker and fuller recovery when future attacks occur.
- damages manifested – materialized as reputational risks to the victim company.
Each of the above should be examined through a lens of reverence in that there is little question the inclusion of these and other factors, collectively help victim companies arrive at a more comprehensive and current appreciation for the losses, costs, and overall impacts caused by acts of cyber – economic espionage.
The worlds’ second oldest profession…
Economic (industrial) espionage is often euphemistically referred to as the world’s second oldest profession behind, of course, to prostitution. Readers do recognize that an, as yet unknown percentage of malicious cyber activity, evolves as economic espionage and is an obvious by-product of the continually evolving IT and Internet arenas. But still, as both cyber – economic espionage are irreversibly embedded in global cultures and business, there remain a percentage of policymakers, company c-suites, and management teams who find it a challenging phenomenon ‘to get their arms and heads around’ insofar as articulating, with strategic clarity, precisely why cyber security and economic espionage prevention/mitigation initiatives are so essential. The answers to these increasingly critical concerns, either of which, when they materialize, can produce substantial, if not utterly debilitating adverse effects to a company’s value, sources of revenue, profitability, growth potential, and overall sustainability. lie in well grounded research to aid c-suites and boards in framing their near term and strategic decisions, actions, and responses. CSIS – McAfee identified components of malicious cyber activity… In the CSIS – McAfee report, Lewis quite appropriately asks what should be counted insofar as arriving at better loss estimates attributed to cybercrime and cyber (economic) espionage. Interestingly, in an effort to address this question, Lewis categorizes malicious cyber activity into the following components, i.e., the…
- loss of intangible assets, i.e., intellectual property and sensitive business confidential/- proprietary information.
- opportunity costs linked to…
- service and employment disruptions, and
- reduced trust in online services and activities.
- additional costs
- securing company and supply chain networks
- resilience to – recovering from cyber attacks, i.e., developing/executing business continuity and resilience procedures.
- reputational risk materialization and damages.
What’s the harm…? If Dr. Lewis is correct in assuming, through the analogies he describes in the Report, some of which appear tantamount to inferring there are “tolerated costs” within in the realm of cyber crime and cyber espionage which manifest as a ‘ceiling’ of sorts, for estimating losses. This suggests that, at most, cybercrime and cyber espionage costs less than 1% of GDP. For the U.S. then, in the context of its GDP, Lewis’ best guess is that losses (caused by cyber crime and cyber espionage) may reach $100 million annually. To provide context for this estimate, Lewis points out that annual expenditures on research and development in the US are $400 billion annually, and $100 million in stolen/misappropriated intellectual properties he offers, does not translate to dollar for dollar gain to the recipients and/or ultimate beneficiaries, i.e., the economic, competitive advantage adversaries! As always, reader comments are most welcome!
Michael D. Moberly August 11, 2014 ‘A long form blog where attention span really matters.’
Objective calculation of losses and costs.
Calculating and assigning a dollar value to losses and costs associated with cyber crimes, particularly those which culminate in economic espionage, may appear at first blush to be relatively straightforward tasks. However, when intellectual properties and other categories of intangible assets are targeted and acquired by economic and competitive advantage adversaries, the legitimate holder of those assets is obliged to objectively assess their value?
Similarly, if a cyber attack temporarily brings down a company’s IT network, the targeted company is obliged to objectively calculate losses to productivity, sales, and essential communications as well as costs to return their system to operational normalcy with the necessart security upgrades. Obviously, there is much more to calculating and assigning a dollar values to such costs/losses than engaging in more guesstimates.
For regular readers, it should come as no surprise that there are significant differences of opinion globally about calculating the costs and losses attributed to malicious cyber activity and economic espionage directed to companies’ R&D, university-corporate research consortiums, etc. As conveyed in previous posts at this blog, dollar value losses cited in numerous respected surveys and studies range from a mere few billion dollars to hundreds of billion dollars annually. To be sure, assigning specific price tags to companies’ cyber – economic espionage losses is challenging, but too, the processes are often embedded with subjective assessments that do not reflect a comprehensive accounting of the peripheral and contributory value of each of the other intangible assets underlying a patent for example. So, it may not be especially prudent to assume the findings of the various surveys and studies have been reached using objective data or calculations that are free from the influence of larger political, social, and national security agendas. This may be a reason why we are witnessing such a broad range of loss estimates regarding cyber – economic espionage.
Is economic-cyber the greatest transfer of wealth in history or merely a rounding error?
While I am not the originator of the above question, there are numerous responsible parties that do characterize losses attributed to cybercrime and economic espionage in this fashion, i.e., as constituting either the greatest transfer of wealth in human history, or merely as rounding errors in a $14 trillion dollar economy?
The former of course represents a perspective intended to elevate the significance and adverse impact of cybercrime-economic espionage, while the latter represents an opposite perspective which is to diminish the ‘sticker shock’ if you will, of the adverse impact by characterizing it in the context of what is to most as incomprehensible dollar amounts or collective national GDP’s.
Having said that, both perspectives, through my lens, warrant inclusion in the broader conversation.
Since the passage of the Economic Espionage Act (EEA) in October, 1996, there has been no shortage of surveys and studies launched whose focus has largely been to dramatize the costs, losses, along with an array of adverse (economic, competitive advantage) impacts attributed to acts of cybercrime and economic espionage and adversely effecting either or both the private sector or national security/defense.
Having read and studied most, if not each of these reports over the past 25+ years, I interpret the findings and supporting documentation to be somewhat competitive in the sense that each report strives to be conceptually broader and offer broader ranges of losses and impacts and in more dramatic fashion.
Too, many reports, particularly those published in recent years, are collaborative, in that a known and usually global player (i.e., accounting, consulting, or IT firm) has partnered with a prestigous university (academic unit) or ‘think tank’ assuming this will elevate the reports’ credence and validity in the eyes of its previously targeted audience. In addition, more such reports include examples and/or mini-case studies describing the impact to victimized companies and/or organizations, whom, for multiple reasons have elected to ‘go public’, perhaps at the behest of federal (EEA) prosecutors and thus agree to seek prosecution of the perpetrators, whomever or whatever they may be.
Expectations of receiving damage – loss restitution…
Any victim company’s expectations of receiving damage or restitution payments is slim and therefore are largely symbolic when that is the finding of a court. That’s because a large percentage of those engaged in and prosecuted for EEA-related violations have international origins, which, while within the EEA’s scope may also find it useful to bring such action before the World Trade Organization (WTO).
Factors in play that influence companies to go public…
Readers recognize of course, there are numerous factors in play that comprise a company’s decision to ‘go public’. Going public, represents among other things, a companies’ admission of being victimized followed by a guesstimated admission of the extent – value of the losses being attributed to the acts, which, initially are often framed in passionate and angry guesstimates of how the acts and losses will impact the victims’ company and even who the culprit(s) may be and how the adverse act was actually committed.
Victim anger and passion aside, we know it is challenging to determine, let alone isolate and accurately assess such losses very rapidly. That’s because, in many instances, the losses are not limited solely to lost or undermined intellectual capital, i.e., trade secrets, proprietary information, and IP. Instead, the full extent of a targeted companies’ losses are frequently more strategic in the form of relationship capital and thus may not be fully realized for several months out.
Reputation risk factor…
Another factor in play with respect to the counsel and ultimate decision to ‘go public’ with a companies’ victimization is the very real possibility that having the matter come under public and regulatory scrutiny, there is, unfortunately, a probability the victim company, will experience the materialization of reputation risk manifesting at some level. I refer to materialization of reputation risk with the phrase ‘at some level’, because such company specific reputation risks can manifest in different ways for different sets of consumers, stakeholders, and investors, etc.
Yes, a company’s reputation is an intangible asset of the first order. A company’s reputation is embedded with – comprised of many other contributing intangible assets which collectively produce significant value. In other words, reputation represents expectations, and therefore serves as the rationale in which consumers distinguish, seek, and likely purchase one product or service over another because it consistently meets or exceeds our expectations.
Calculating losses attributed to economic espionage require objectively framed equations…
For many years there has been a general inclination to accept, perhaps naively, the guesstimated findings of after-the-fact prognosticative research regarding losses – impacts attributed to cyber – economic espionage valuations. My counsel is that any formula, conventional intangible asset valuation methodology, and/or equation used to calculate the loss and/or compromise of valuable intellectual properties (intangible assets) caused by cyber-economic espionage should…
- differentiate the assets which have been targeted, lost, and/or compromised by category, i.e., intellectual, structural, and relationship capital to ensure the findings
- bring quantitative – qualitative distinctions and clarity to a fuller range of related acts/events which can materialize following an act of cyber-economic espionage, e.g., produce adverse stock market reactions if the targeted company is publicly traded, reputation risks, productivity losses, business disruptions, loss of consumer trust, expectations, and goodwill, as well as the costs required to re-establish IT and supply chain security, etc.
As always reader comments are welcome!