Michael D. Moberly March 7, 2012
The attention and warnings directed to cyber security (cyber-attacks, cyber-warfare, etc.) are certainly warranted. The strategic and cascading havoc that such deliberative acts could cause to even one of a country’s infrastructure pillars are indeed real.
However, being an intangible asset practitioner and advocate, in my view, the ‘cyber’ narrative is being too narrowly framed on two counts:
One, it is strongly influenced, and perhaps correctly so, by an IT – computer security orientation supported by key professional associations that offer, sometimes very sparingly, formal acknowledgement that cyber-attacks will adversely affect critical information assets which are routinely misperceived as existing solely in formats of electronic bits and bytes.
Two, cyber-attacks (directed to the private sector especially) is routinely characterized as being the portal of choice to engage in intellectual property theft (patent information) in my view may well be misleading, if not incorrect.
Both independent and state-sponsored cyber invasions are really after (need) the ‘glue’ that literally connects intellectual property to execution or manufacturing of select – targeted innovation which of course are the intangible assets, i.e., intellectual capital, know how, competitive advantages, etc.
Framing (public, private sector) information asset protection and security policies and practices primarily through a cyber-attack lens does not recognize the economic fact that 65+% of most company’s value, sources of revenue, sustainability, and ’building blocks’ for growth today evolve directly from intangible (knowledge-based) assets including intellectual capital, proprietary know how, intellectual property, competitive advantages, brand, reputation, image, and goodwill, etc. It’s essential the cyber-narrative acknowledge a company’s most valuable assets are its intangibles which are not exclusively stored in ‘the cloud’ or in a company’s computer-IT system.
Intangible asset protection policies and practices with a dominant IT – cyber (risk, threat) orientation can minimize the equally important reality that most companies operate in an extraordinarily competitive, predatorial, and winner-take-all global economy and business transaction environment. In such an environment, all employees have a responsibility, not just those in corporate IT – cyber security units, for safeguarding valuable and mission critical intangible – information based assets, regardless of the format in which they exist, how they are stored, or how they originate.
It is also necessary to recognize that intellectual property, i.e., patents, trademarks, copyrights, and trade secrets) are actually subsets of intangible assets. So, information (intangible) asset protection and cyber security policies and practices function best if they are formulated and practiced collaboratively.
As information security specialists know, proprietary – sensitive business information often percolates throughout a company and is not strictly confined or limited to what is accessible solely through one’s laptop, desktop, or ‘from the cloud’. In other words, mission essential and value/revenue producing (intangible) assets exist as intellectual, human, and structural capital.
Information security policies/practices that are dominated by an IT – cyber security orientation infers that all valuable, important, and proprietary information (a.) evolves from, (b.) is stored in, and/or (c.) is backed-up by an IT system. Those who ardently believe this convey an extraordinarily misleading, if not erroneous message, which is, ‘if the company’s IT system is proclaimed to be secure, then the company’s sensitive, proprietary and competitive advantage information must also be secure‘. Wrong! That’s an assumption (message) no company can afford to convey, inadvertently, or otherwise.
For those still unconvinced, try listening to cell phone conversations in hotel lobbies and airport lounges, glance at the laptop screen of the person seated next to you, or view social media pages and profiles of key employees. These, sometime inadvertent ‘roadmaps’ to a company’s crown jewels which economic – competitive advantage adversaries can readily access are well outside the conventional cyber (computer/IT) security realm.
It is certainly not my intent to be dismissive about a company’s need to rapidly identify, assess, and successfully and consistently thwart the very real risks and threats posed by cyber attacks which, as most realize, can target specific centers’ of the infrastructure, i.e., banking, healthcare, transportation, energy, etc. Having effective defenses against cyber attacks is an essential ingredient (fiduciary responsibility) to national and economic security and sustainability.
But, it’s also important to recognize that both (cyber) terrorist organizations and economic/competitive advantage adversaries can acquire, with varying degrees of ease, a single company’s most valuable and treasured trade secrets and proprietary intellectual capital (intangible assets) and literally wreak economic, competitive advantage, and market havoc, one company at a time.