CSIS – McAfee Partner on Cyber – Economic Espionage Impact

August 17th, 2014. Published under 'Safeguarding Intangible Assets', Economic Espionage. No Comments.

Michael D. Moberly    August 17, 2014   ‘A long form blog where attention span really matters’!

A collaborative partnership… In 2013, CSIS (Center for Security and Internal Studies) and McAfee partnered to examine cyber – economic espionage impact in a manner more inclusive than what I have previously observed over the past 25+ years. Spoiler alert; Dr. James Lewis, Senior Fellow and Director of CSIS’ Center for Technology and Public Policy Program offered his best guess that ‘the upper limit (of the costs-losses attributed to cyber – economic espionage) might be somewhere under one percent of the GDP’ (gross domestic product). Lewis also states, and I paraphrase, ‘U.S. economic costs-losses to cybercrime and economic espionage attributed specifically to – originating in China, may reach as much as $140 billion annually’.

$140 billion annually, 508,000 jobs…

While I have no basis to dispute those figure, or question Dr. Lewis’ experienced and respected record of achievements in the cyber crime – economic espionage arena, I do suggest there may be some predictable factors insofar as arriving at the $140 billion annual loss figure especially. One of which lies in determining which assets and/or impacts to include and the methodology for determining their near term and long term value in terms of costs and losses companies will experience with respect to market space, competitive advantages, sustainability, etc. Routinely, asset loss – impact valuations attributed to cyber-economic espionage, irrespective of their accuracy or objectivity, produce dollar values characterized in broad ranges on the plus – minus side. Lewis claims, and I agree, describing value loss – impact estimates with such broad range estimates is reflective of multiple difficulties, among them being, as readers know, numerous companies may…

  • be reluctant to reveal or inclined to conceal their losses,
  • not know precisely which/what assets were targeted, stolen, comprised, or misappropriated.

Intellectual property (and other forms of intangible assets) are challenging to value with consistency and objectivity. So, when values are calculated and assigned to stolen, misappropriated, and/or otherwise compromised intangible assets, i.e., intellectual and structural capital particularly, those figures, in my judgment, may be somewhat subjective and/or embedded with a particular bias or even agenda that in turn may influence high or low valuations.

For example, it’s relatively common to see open source media and their ‘talking heads’ to merely regurgitate extraordinarily high dollar volume losses (impacts) to the U.S. economy, attributed to cyber – economic espionage, ranging between $100 and $500+ billion annually.

But, Lewis wisely, yet provocatively, casts such wide ranging estimates of losses attributed to cyber – economic espionage in other contexts, starting with World Bank reports which state global GDP stood at about $70 trillion for the year 2011.  Thus, a $400 billion loss representing the high end range of probable losses caused by cyber crime and cyber espionage is a fraction of a percent of that global GDP figure. This, Lewis says, prompts additional questions, something which I have examined for many years, e.g. can the recipients and/or ultimate beneficiary of the targeted-acquired intangible assets expect to maximize their benefit and use? A second question focuses on the damage to victim companies relative to the cumulative effect of cybercrime and cyber espionage, i.e., market space position, sector competitive advantages, reputation risk, etc.


Having thoroughly studied many, what I respectfully refer to as ‘guesstimated’ economic espionage and stolen/infringed intellectual property (IP) reports over the course of 20+ years, I genuinely believe Dr. Lewis’ findings to be as flawless, encompassing, and accurate as can be reasonably expected in the multi-faceted and ambiguous arena from which to acquire reliable and replicable data points. For example, quite interestingly, the CSIS – McAfee report translates these asset loss estimates as representing perhaps as many as 508,000 U.S. jobs.

Conventional surveys to assess – assign dollar value to losses…

Some IP and intangible asset theft – loss estimates rely on surveys, which Lewis quite correctly points out, generally provide imprecise values, unless the survey itself has been carefully constructed and managed. Too, a common challenge, insofar achieving credence to cyber-security-espionage survey findings, Dr. Lewis also points out, is that (survey) respondents are inclined to “self-select”.  When this occurs, it introduces a potential source of distortion to the results.  So, being mindful of these and other data collection challenges to this already sensitive topic for companies, Lewis suggests loss estimates be based on assumptions about scale and effect. Changing those assumptions, Lewis argues, will likely deliver quite different results in terms of loss values.

CSIS – McAfee Assessment model…

As a demonstration of Lewis’ intent to be as objective and encompassing as possible insofar as valuing losses attributed cyber and economic espionage, CSIS secured the expertise of prominent economists, intellectual property experts, security researchers, and even incorporated, what could appear at first blush irrelevant analogies to bring clarity to the figures they were reporting, e.g., comparative statistics for car crashes, product piracy, pilferage, crime stats, and drug usage which collectively were integrated, for comparison purposes, to serve as frameworks to draw upon in devising their assessment (valuation) model. By incorporating these analogies in the design of their assessment model, Dr. Lewis, CSIS, and McAfee were essentially suggesting, should my interpretation be correct, it’s problematic to rely exclusively on conventional methodologies, particularly time honored surveys, to identify dollar values to losses attributed to cyber-economic because…

  1. companies that (publicly) reveal losses attributed to cyber – economic espionage are frequently unable to distinguish, with the necessary precision, the actual (proprietary, IP, intangible) assets which were stolen, compromised, or infringed.
  2. intellectual property – intangible asset losses are admittedly difficult to quantify with consensus, and when they are, the assessment – valuation is likely to reflect subjective guesstimates absent factoring numerous dependant variables which are invariably in play.
  3. the self-selection process associated with most conventional (time honored) survey methodologies, frequently produce some distortion to the findings.

CSIS model includes six classifications of cyber – economic espionage…

Insofar as actually commencing this much needed project, CSIS classified malicious cyber – economic espionage activities into six areas, i.e., wherein there…

  1. was a loss of intellectual property occurred.
  2. was an actual crime committed, i.e., a violation of federal law.
  3. was a loss of sensitive – proprietary business information.
  4. were opportunity costs involved, including business and/or service disruptions that adversely effected consumer/customer expectations and trust particularly those related to the victim company’s online activities.
  5. would be additional costs incurred by the victim company relative to securing their IT networks and incorporate greater resilience measures to provide quicker and fuller recovery when future attacks occur.
  6. damages manifested – materialized as reputational risks to the victim company.

Each of the above should be examined through a lens of reverence in that there is little question the inclusion of these and other factors, collectively help victim companies arrive at a more comprehensive and current appreciation for the losses, costs, and overall impacts caused by acts of cyber – economic espionage.

The worlds’ second oldest profession…

Economic (industrial) espionage is often euphemistically referred to as the world’s second oldest profession behind, of course, to prostitution. Readers do recognize that an, as yet unknown percentage of malicious cyber activity, evolves as economic espionage and is an obvious by-product of the continually evolving IT and Internet arenas. But still, as both cyber – economic espionage are irreversibly embedded in global cultures and business, there remain a percentage of policymakers, company c-suites, and management teams who find it a challenging phenomenon ‘to get their arms and heads around’ insofar as articulating, with strategic clarity, precisely why cyber security and economic espionage prevention/mitigation initiatives are so essential. The answers to these increasingly critical concerns, either of which, when they materialize, can produce substantial, if not utterly debilitating adverse effects to a company’s value, sources of revenue, profitability, growth potential, and overall sustainability. lie in well grounded research to aid c-suites and boards in framing their near term and strategic decisions, actions, and responses. CSIS – McAfee identified components of malicious cyber activity… In the CSIS – McAfee report, Lewis quite appropriately asks what should be counted insofar as arriving at better loss estimates attributed to cybercrime and cyber (economic) espionage. Interestingly, in an effort to address this question, Lewis categorizes malicious cyber activity into the following components, i.e., the…

  1. loss of intangible assets, i.e., intellectual property and sensitive business confidential/- proprietary information.
  2. opportunity costs linked to…
    1. service and employment disruptions, and
    2. reduced trust in online services and activities.
    3. additional costs
    4. securing company and supply chain networks
    5. insurance.
    6. resilience to – recovering from cyber attacks, i.e., developing/executing business continuity and resilience procedures.
    7. reputational risk materialization and damages.

What’s the harm…? If Dr. Lewis is correct in assuming, through the analogies he describes in the Report, some of which appear tantamount to inferring there are “tolerated costs” within in the realm of cyber crime and cyber espionage which manifest as a ‘ceiling’ of sorts, for estimating losses.  This suggests that, at most, cybercrime and cyber espionage costs less than 1% of GDP.  For the U.S. then, in the context of its GDP, Lewis’ best guess is that losses (caused by cyber crime and cyber espionage) may reach $100 million annually. To provide context for this estimate, Lewis points out that annual expenditures on research and development in the US are $400 billion annually, and $100 million in stolen/misappropriated intellectual properties he offers, does not translate to dollar for dollar gain to the recipients and/or ultimate beneficiaries, i.e., the economic, competitive advantage adversaries! As always, reader comments are most welcome!

Cyber Crime and Economic Espionage Assessing Costs and Economic Impacts…

August 11th, 2014. Published under Economic Espionage, Intangible asset protection, Intangible Asset Value. No Comments.

Michael D. Moberly    August 11, 2014    ‘A long form blog where attention span really matters.’

Objective calculation of losses and costs.

Calculating and assigning a dollar value to losses and costs associated with cyber crimes, particularly those which culminate in economic espionage, may appear at first blush to be relatively straightforward tasks. However, when intellectual properties and other categories of intangible assets are targeted and acquired by economic and competitive advantage adversaries, the legitimate holder of those assets is obliged to objectively assess their value?

Similarly, if a cyber attack temporarily brings down a company’s IT network, the targeted company is obliged to objectively calculate losses to productivity, sales, and essential communications as well as costs to return their system to operational normalcy with the necessart security upgrades.  Obviously, there is much more to calculating and assigning a dollar values to such costs/losses than engaging in more guesstimates.

No surprises.

For regular readers, it should come as no surprise that there are significant differences of opinion globally about calculating the costs and losses attributed to malicious cyber activity and economic espionage directed to companies’ R&D, university-corporate research consortiums, etc. As conveyed in previous posts at this blog, dollar value losses cited in numerous respected surveys and studies range from a mere few billion dollars to hundreds of billion dollars annually. To be sure, assigning specific price tags to companies’ cyber – economic espionage losses is challenging, but too, the processes are often embedded with subjective assessments that do not reflect a comprehensive accounting of the peripheral and contributory value of each of the other intangible assets underlying a patent for example. So, it may not be especially prudent to assume the findings of the various surveys and studies have been reached using objective data or calculations that are free from the influence of larger political, social, and national security agendas. This may be a reason why we are witnessing such a broad range of loss estimates regarding cyber – economic espionage.

Is economic-cyber the greatest transfer of wealth in history or merely a rounding error?

While I am not the originator of the above question, there are numerous responsible parties that do characterize losses attributed to cybercrime and economic espionage in this fashion, i.e., as constituting either the greatest transfer of wealth in human history, or merely as rounding errors in a $14 trillion dollar economy?

The former of course represents a perspective intended to elevate the significance and adverse impact of cybercrime-economic espionage, while the latter represents an opposite perspective which is to diminish the ‘sticker shock’ if you will, of the adverse impact by characterizing it in the context of what is to most as incomprehensible dollar amounts or collective national GDP’s.

Having said that, both perspectives, through my lens, warrant inclusion in the broader conversation.

Numerous reports…

Since the passage of the Economic Espionage Act (EEA) in October, 1996, there has been no shortage of surveys and studies launched whose focus has largely been to dramatize the costs, losses, along with an array of adverse (economic, competitive advantage) impacts attributed to acts of cybercrime and economic espionage and adversely effecting either or both the private sector or national security/defense.

Having read and studied most, if not each of these reports over the past 25+ years, I interpret the findings and supporting documentation to be somewhat competitive in the sense that each report strives to be conceptually broader and offer broader ranges of losses and impacts and in more dramatic fashion.

Too, many reports, particularly those published in recent years, are collaborative, in that a known and usually global player (i.e., accounting, consulting, or IT firm) has partnered with a prestigous university (academic unit) or ‘think tank’ assuming this will elevate the reports’ credence and validity in the eyes of its previously targeted audience. In addition, more such reports include examples and/or mini-case studies describing the impact to victimized companies and/or organizations, whom, for multiple reasons have elected to ‘go public’, perhaps at the behest of federal (EEA) prosecutors and thus agree to seek prosecution of the perpetrators, whomever or whatever they may be.

Expectations of receiving damage – loss restitution…

Any victim company’s expectations of receiving damage or restitution payments is slim and therefore are largely symbolic when that is the finding of a court. That’s because a large percentage of those engaged in and prosecuted for EEA-related violations have international origins, which, while within the EEA’s scope may also find it useful to bring such action before the World Trade Organization (WTO).

Factors in play that influence companies to go public…

Readers recognize of course, there are numerous factors in play that comprise a company’s decision to ‘go public’. Going public, represents among other things, a companies’ admission of being victimized followed by a guesstimated admission of the extent – value of the losses being attributed to the acts, which, initially are  often framed in passionate and angry guesstimates of how the acts and losses will impact the victims’ company and even who the culprit(s) may be and how the adverse act was actually committed.

Victim anger and passion aside, we know it is challenging to determine, let alone isolate and accurately assess such losses very rapidly. That’s because, in many instances, the losses are not limited solely to lost or undermined intellectual capital, i.e., trade secrets, proprietary information, and IP. Instead, the full extent of a targeted companies’ losses are frequently more strategic in the form of relationship capital and thus may not be fully realized for several months out.

Reputation risk factor…

Another factor in play with respect to the counsel and ultimate decision to ‘go public’ with a companies’ victimization is the very real possibility that having the matter come under public and regulatory scrutiny, there is, unfortunately, a probability the victim company, will experience the materialization of reputation risk manifesting at some level. I refer to materialization of reputation risk with the phrase  ‘at some level’, because such company specific reputation risks can manifest in different ways for different sets of consumers, stakeholders, and investors, etc.

Yes, a company’s reputation is an intangible asset of the first order. A company’s reputation is embedded with – comprised of many other contributing intangible assets which collectively produce significant value. In other words, reputation represents expectations, and therefore serves as the rationale in which consumers distinguish, seek, and likely purchase one product or service over another because it consistently meets or exceeds our expectations.

Calculating losses attributed to economic espionage require objectively framed equations…

For many years there has been a general inclination to accept, perhaps naively, the guesstimated findings of after-the-fact prognosticative research regarding losses – impacts attributed to cyber – economic espionage valuations. My counsel is that any formula, conventional intangible asset valuation methodology, and/or equation used to calculate the loss and/or compromise of valuable intellectual properties (intangible assets) caused by cyber-economic espionage should…

  • differentiate the assets which have been targeted, lost, and/or compromised by category, i.e., intellectual, structural, and relationship capital to ensure the findings
  • bring quantitative – qualitative distinctions and clarity to a fuller range of related acts/events which can materialize following an act of cyber-economic espionage, e.g., produce adverse stock market reactions if the targeted company is publicly traded, reputation risks, productivity losses, business disruptions, loss of consumer trust, expectations, and goodwill, as well as the costs required to re-establish IT and supply chain security, etc.

As always reader comments are welcome!

Economic – Cyber Espionage Impact

August 8th, 2014. Published under 'Safeguarding Intangible Assets', Economic Espionage. No Comments.

Michael D. Moberly     August 8, 2014    ‘A long form blog where attention span really matters’!

Dr. James Lewis, Director and Senior Fellow, Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS) very appropriately states, among countless other relevant and practical jewels of wisdom in his July, 2013 report titled, ‘The Economic Impact of Cyber Crime and Cyber Espionage’ that there is ‘a wide range of estimates of annual losses, from a few billion dollars to hundreds of billions’.  That statement itself, is not particularly noteworthy, but the distinctive ways Dr. Lewis reframes the statement by identifying various alternative lens in which the impact of economic and cyber espionage can be viewed through comparisons and analogies is very worthy.

This obvious broad range reflects several difficulties, claims Lewis, i.e., because companies may…

  • be inclined to conceal their losses,
  • not be aware of what assets have actually been stolen, comprised, or misappropriated.

Granted, intellectual property (and other forms of intangible assets) difficult to objectively value, and when a value is assigned, in my judgment, it’s often subjective and/or embedded with particular agendas that produce especially high or low ($) valuations.

Some IP and intangible asset estimates rely on the work and findings of other surveys, which Lewis quite correctly points out, generally provide imprecise values, unless the survey itself has been carefully constructed and managed.

Too, a common challenge, insofar achieving credence to cyber-security survey findings, Dr. Lewis point out, is that (survey) respondents are inclined to “self-select”.  When this occurs, it introduces a potential source of distortion in the results.  So, being mindful of these and other data collection challenges to this already sensitive topic for companies, i.e., in economic and cyber espionage, matters, it is not uncommon, Lewis suggests, for loss estimates to be based on assumptions about scale and effect. Changing those assumptions, Lewis argues, will likely deliver quite different results in terms of loss values.

Components of malicious cyber activity…

In the report, Lewis starts by asking what should be counted insofar as arriving at better loss estimates caused by cybercrime and cyber espionage. Interestingly, Lewis categorizes malicious cyber activity into five components, i.e., the…

  1. loss of intangible assets, i.e., intellectual property and business confidential/proprietary information.
  2. loss of sensitive business information, including possible stock market manipulation •
  3. opportunity costs linked to…

a. service and employment disruptions, and

b. reduced trust in online services and activities.

4. additional costs

a. necessary to secure company and supply chain networks

b. for insurance.

c. to recover from cyber attacks, i.e., developing/executing business continuity and resilience procedures.

5. reputational risk materialization and damage to victimized companies.

Putting these components together, Lewis claims, and I agree, the cost of cybercrime and cyber espionage to the global economy can broadly be characterized in the hundreds of billions of dollars annually.

But, Lewis wisely and provocatively, casts those wide ranging estimates in other contexts, starting with World Bank reports which state global GDP stood at about $70 trillion for the year 2011.  Thus, a $400 billion loss representing the high end range of probable losses caused by cyber crime and cyber espionage is a fraction of a percent of that global GDP figure.

This, Lewis says, prompts additional questions, e.g. can the recipients and/or ultimate beneficiary of the acquired intangible assets  expect maximum benefit/use?,  and a second question focuses on the damage to victim companies relative to the cumulative effect of cybercrime and cyber espionage, i.e., market space position, sector competitive advantages, reputation risk, etc.

What’s the harm…?

If Dr. Lewis is correct in assuming, through the analogies he describes in the CSIS Report, some of which appear tantamount to inferring there are “tolerated costs” within in the realm of cyber crime and cyber espionage which manifest as a “ceiling” for estimates of losses.  This suggests that, at most, cybercrime and cyber espionage costs less than 1% of GDP.  For the U.S. then, in the context of its GDP, Lewis’ best guess is that losses (caused by cyber crime and cyber espionage) may reach $100 million annually to the U.S.

To provide context for this estimate, Lewis points out that annual expenditures on research and development in the US are $400 billion annually, and $100 million in stolen/misappropriated intellectual properties he offers, does not translate to dollar for dollar gains to the recipients and/or ultimate beneficiaries, i.e., the economic, competitive advantage adversaries.

As always, readers comments are welcome.

Reputation Risk Resilience

July 29th, 2014. Published under Reputation risk.. No Comments.

Michael D. Moberly   July 29, 2014   ‘A long form blog where attention span really matters’. 

Reputation risk resilience…

Admittedly, I do not know, other than a mere guesstimate, the number of companies which are current in their continuity, contingency, and resilience planning.  I suspect, based on numerous conversations with company leadership teams who would presumably have an oversight role insofar as initiating and executing such plans, far fewer companies than today’s increasingly predatorial, competitive, and winner-take-all business (transaction) environment warrant, have current plans, in place.

Too, there is no reason to doubt a significant, but admittedly unknown percentage of the plans which are in place, have merged or morphed into web-based policy and procedure ‘manuals’ awaiting resurrection when a ‘reputation risk’ serpent stalkingly emerges from the murky and interconnected environs associated with global business.

A companies reputation is, generally it’s most valuable (intangible) asset…

As an intangible asset strategist and risk specialist, I strongly believe that continuity, contingency, and resilience planning must extend far beyond company’s IT systems, supply chains, and consumer, customer, client services to include the full spectrum (15+ categories) of intangible assets which most companies now produce, possess, utilize, and/or acquire.

The reason, it should not go unnoticed that today, 80+% of most company’s value, sources of revenue and ‘building blocks’ for growth, profitability, and sustainability globally reside in – evolve directly from intangible assets!  Through my lens, that represents a fairly clear (fiduciary) obligation that a company’s key intangibles warrant safeguarding and their value, materiality, and risk consistently monitored.

A beneficial and instructive prelude to company reputation risk resilience…

A beneficial and instructive prelude for any company wishing to achieve the necessary (reputation risk) resilience that’s warranted in today’s go fast, go hard, go global business  (transaction) environment begins by acknowledging the range of questions that will inevitably be asked and debated in c-suites, board rooms, among management team members, employees, on social media platforms and possibly within regulatory – oversight bodies,  once a significant reputation risk materializes.

Examples of inevitable questions when reputation risk materializes …

The questions below are neither company nor event specific, but nevertheless, they are real and they can be framed in various ways and in various contexts to represent dominant (reputation risk) issues for which answers will be sought and demanded one a reputation risk emerges – materializes, e.g.,

  • What is/are the origin(s) of this particular risk?
  • Are the ways which the risk is adversely affecting company reputation describable, measurable, monitorable, and trackable?
  • Can it be ascertained how-when the risk initially materialized to a level of company consciousness?
  • Are there human initiators associated with the risk and if so, are they known?
  • Is there any factual basis to the risk insofar as the manner in which it being characterized by any/all facets, and if so, will that influence the risks’ perpetuation for the near (long) term?
  • Is the risk tangible insofar as requiring the company to ethically make operational and/or design decisions to the targeted product or service?
  • Is the risk measurably gaining in strength, and, if so, how rapidly, why, and are the constituencies distinguishable?
  • Is the depth and breadth of the risk, among consumers, stakeholders, investors, etc., subject to objective qualitative – quantitative measurement and monitoring?
  • Is there a probability this particular, or simultaneous set of risks will subside on their own volition without an official (company) response or intervention?, wishful thinking doesn’t count.
  • Is a formal (company) response and mitigating action required, and ethically and legally being advised?
  • Does this particular reputation risk require a specific (nuanced) response or action that will resonate with the affected – complaining parties?, and, if so, can a response be fashioned to de-escalate further adverse rhetoric that exacerbates the (reputation) risk?

No single best strategy…

Experientially, I am hard pressed to suggest there is a single ‘best’ strategy that delivers answers to these (and myriad other) questions to consistently mitigate the asymmetric elements of reputation risk events due in large part o their distinctive origins and often company specific motivation, therefore any  presumption there is a ‘one size fits all’ approach is poor strategy.

I do believe however, the most effective foundation to induce a recuperative path to a materialized reputation risk starts with having an…

objective, experienced, forward looking, ‘speak truth to power’, and rapid assessment and response mechanisms in place that fit a variety of scenarios, each with the potential to adversely affect  a company’s primary sources of value, revenue, and/or market-sector competitive advantages!

Too, it is here that an intangible asset strategist and risk specialist should be close at hand. After all, effectively preventing or mitigating reputation risk cannot and should not be left exclusively to a counter campaign mounted by a public relations unit which has morphed into reputation risk.

A percentage of company’s that become embroiled in a reputation risk event will find a useful starting point to embarking on a mitigation and recovery strategy, or preferably resolve the risk in its early stages would be well advised to have a clear understanding that their company’s reputation is often comprised of – embedded with multiple and collaborative intangible assets that produce revenue generating competitive advantages which warrant safeguarding.

Not all reputation risks rise to a level of…

Insofar as developing a sound reputation risk resilience plan, it’s necessary to recognize, not all materialized (reputation) risks rise to a level in which life, death, or serious injury to consumers – users will occur, are imminent, or that, for publicly traded firms, stock price and market share will irreversibly decline.  Some reputation risk events emerge initially as merely verbal expressions of displeasure regarding a specific company product or service. often on a social media platform.  However, one need not look further, and I am not so sure this is a particularly distinctive example when derogatory expressions attributed to the former owner of the NBA’s Los Angeles Clippers’ made toward Clipper players themselves to witness the obvious  and initial harm and financial damage which discipated quite rapidly following the teams’ purchase by Steve Balmer.  In other words, while the former Clipper owners’ remarks were vile and racist by any standard, there is no particular reason to believe there will be permanency, due in part to the new NBA Commissioners’ prompt and substantial action.

On the other hand, some risk events may appear almost irrelevant insofar as the potential to adversely affect a company’s reputation, at least initially, because initial assessments find no compelling reason to manufacture an immediate response.  However objective monitoring of such circumstances, with few exceptions, should always be monitored for a period of time.  Absent monitoring,  circumstances can quickly escalate by finding a receptive audience and rapidly encompass large blocks of consumers, stakeholders, and social media platforms in ways that indeed cast disfavor and suspicion on a company’s reputation.

Going inside a c-suite, Craig’s List example…

While I have absolutely no firsthand knowledge, I do believe it’s instructive never-the-less, to speculatively examine, in sort of a case study context, the decision that occurred in September, 2010 by Craig’s List and its ‘adult services’ section.  Initially my thoughts were, this clearly falls into the proverbial ‘no-brainer’ category, or does it?

Again, I pretend to have no insider perspective on this matter, but I am confident there were numerous meetings/discussions in the months preceding the September, 2010 decision as their ‘adult services section’ was emerging as a genuine reputation risk.  I fully suspect, the company’s decision making hierarchy were debating the larger question…’what should we do about our adult services section’, e.g., do we…

  • retain the adult services section as is, and try to muscle through the current backlash, law suits, and reputational risks?
  • retain the adult services section, but tone it down through monitoring and imposition of less provocative parameters, or
  • jettison the entire adult services section immediately, which presumably would remove the accelerant that are influencing the rising levels of reputation risk?

I am confident these and variants of these questions were duly debated among legal counsel, public/media relation providers, reputation risk specialists, and financial advisors each offering their perspectives and prognostications about the outcomes of various courses of action being considered.

The fly on the wall…

Unable to be the proverbial ‘fly on the wall’ to actually witness first hand, these discussions, I’m thinking it’s not rocket science to assume the consensus reached in most of the early meetings, at least up to the September 4th decision to suspend the adult services section, were variously influenced by the economic fact – business reality that Craig’s List adult service section was a consistent revenue generator to the tune, it’s been reported, of $37+ million per year.

Too, I am equally confident that during some of the initial discussions among Craig’s List managerial hierarchy, when the ’what should we do about the adult services section’ question arose, there was at least periodic consensus to ‘ride this risk out’ for as long as was prudent.  I presume the speed, depth, and breadth of the adverse reactions to the adult services section issue were being thoughtfully and thoroughly assessed.  Of course, if that were true, I would be inclined to interpret it as…

….unless and/or until the adverse public reaction rises to some, perhaps pre-determined level, e.g. 15+ state’s attorney general’s filing civil actions and going public with their admonitions, only then would the remaining option of closing down the adult services section be considered prudent and ultimately executed.

Reputation risk management 101 vs. graduate level…

Should such speculation be reasonably close to correct, which I suspect it is, I would be further inclined to characterize Craig’s List response in the context of ‘no decision is a decision’. Ultimately, the situation Craig’s List soon found themselves in, was, pure and simple, ‘company reputation risk management 101‘ versus a graduate or Ph.D level it could have been.

Reputation risk intelligent company culture…

Of course, we must not overlook the reality that if such (adult) services were not in demand, particularly in a semi-anonymous web-based format, ala Craig’s List, it’s likely, from a business perspective, Craig’s List would have made the decision to discontinue that particular offering at the initial hint of problems (i.e., reputation risk) on the horizon or revenues being generated were insufficient to justify its continuation.

If that were the case, it’s likely Craig’s List could have leveraged their decision (to discontinue their adult services section) in a manner that would allow them to reap strategic accolades from their stakeholders and consumers versus being on the receiving end of civil actions from a growing list of detractors, special interest groups, and politicians. Bad timing on the part of Craig’s List, perhaps, but, it’s a good business reason to invest in a ‘reputation risk intelligent company culture’!

21st century version of a ‘wake up’ call…

Reputation glitches, such as the one Craig’s List experienced, duly represent 21st century versions of ‘wake-up calls’ for management teams, c-suites, and boards to closely and objectively examine and monitor how or whether their company culture is…

  • attuned to and observant of reputational risk.
  • genuinely reflects the company’s public behavior, and
  • consistently meets the expectations of its customers, consumers, stakeholders, and clients?

This post was inspired by a paper produced by Deloitte titled ‘The People Side Of Risk Intelligence: Aligning Talent And Risk Management.

As always, reader comments and perspectives are welcome at m.moberly@kpstrat.com

Reputation Risk Intelligent Company Culture

July 27th, 2014. Published under Reputation risk.. No Comments.

Michael D. Moberly   July 27, 2014   ‘A long form blog where attention span really matters.’

Value of company reputation…

I suspect there is agreement that no reasonable executive or management team member would question today the value associated with – attached to their company’s reputation, i.e., its image, goodwill, and the relationship capital it has built. Consequently, as born out in numerous studies, surveys, and published papers that address various facets of reputation risk this is a category of intangible asset which has ratcheted up considerably on c-suites attention and ‘to do’ lists.

Reputation is an intangible asset…

Of course, a company’s reputation is one of multiple intangible assets which consistently play increasingly critical roles in company’s ability to achieve their intended revenue, profitability, and sustainability objectives.  After all, it is an economic fact that today, 80+% of most company’s value and sources of revenue lie in or evolve directly from intangible assets, which reputation is certainly one.

Once a company’s reputation has become tarnished, undermined, or been the subject of warranted scrutiny, sometimes, regardless of the reason, whether it be successive managerial missteps, one-off process glitches, or patterns of unethical behavior and neglect, returning to some semblance of reputational normalcy will, in most instances, be costly, lengthy, and require a well purposed and enterprise wide effort.

Reputation risk intelligent company culture…

Well purposed initiatives which a company’s management team and board may undertake to return their company to itsprevious or perhaps a higher state of reputational normalcy following the materialization of a reputation risk, despite having thoroughly vetted contingency plans in place, may be for naught, if the groundwork and foundations for a viable ‘reputation risk intelligent company culture’ have been overlooked.

It’s certainly reasonable to assume that increases in respondents’ affirmative admissions in surveys regarding reputation risk have been variously influenced by the very public and often self-inflicted calamities experienced by BP, Massey Energy, Craig’s List, McDonalds’ China, General Motors, and numerous others that have been on the receiving end of stakeholder, consumer, and regulatory agency ire.

Of course we know in some instances, consumer ill-will can be relatively short-lived, that is, a materialized reputation risk simply does not resonate or come to be on broad numbers of consumers’ radar screens. That’s not to suggest a company’s reputation can quickly ‘bounce back’, instead, it’s probably a case where a ‘tipping point’, for whatever reason, has not materialized in the media and/or actions of consumers in sufficient numbers to render it an action item on c-suite agendas..   That said however, one need not look far to see evidence in which consumer ill-will is much longer lived, to the point it rises to irreversible permanence which appears particularly relevant in the consumer products and consumables arena.

Too, for publicly traded companies, materialized reputation risks frequently manifest as downward spikes in stock price which translates to overall losses in company value.

Reputation risk is not limited by industry sector…

The current state of (company) reputational risk is not entirely an expectation of companies that operate in what may classify as high or low risk sectors, i.e., baby foods, drilling in the Gulf of Mexico, or coal mining compared to say graphics arts firms, libraries, or flower shops for example.  Nor is it necessarily due to the reality that risk events can expand and exacerbate so rapidly today.

Some companies get what they deserve…

Let there be no doubt, some companies get precisely what they deserve in terms of being on the receiving end of a reputation risk event or act that implodes.  That is, if or when there is a clear incident or pattern of knowingly engaging in risky behaviors or giving only lip service to regulatory mandates and risk management oversight, be it on the high seas, a coal mine, a chicken processing plant, or a manufacturer of toothpaste, all reasonable and legal efforts should be mounted against them to make things whole, if that’s possible for the victims and/or complainants.

Reputation risk attributed to the absence of risk intelligent company culture…

Today, in my view, it’s essential to recognize that the materialization of some (types of) reputation risk can be attributed to the absence of a ‘company culture’ that understands…

  • the relevance and potential (enterprise wide) adverse and potentially long term impact to a company’s reputation when certain risks materialize, and
  • how such risks can reverberate through global media platforms and find resonance (tipping points) among large blocks of consumers and stakeholders.
  • this prompts a defense only response path.

Horizontal reputation risk monitoring and assessment…

A company’s reaction to a potential – probable reputation risk, relative to the speed which it can materialize, can be particularly acute for companies which have no advance ‘horizontal monitoring and assessment’ procedures in place to…

  • provide timely, regular, and objective insights and updates about where and how a risk emanated and commenced.
  • reach internal consensus for executing an effective and appropriately timed response of some type, which I believe is more frequently than not, warranted.

A ‘reputation risk intelligent company culture’ can be an effective and complimentary path that will deliver returns far greater than the alternative!

As always, I welcome readers’ comments and perspectives at m.moberly@kpstrat.com.

Predicting Reputation Risk

July 26th, 2014. Published under Reputation risk.. No Comments.

Michael D. Moberly     July 26, 2014   ‘A blog where attention span really matters’.

For most companies, there are numerous preludes to reputation risk…

First, let me respectfully suggest that I am hard pressed to identify any company or organization I have engaged in recent years on intangible asset matters, irrespective of industry sector, that I and numerous colleagues could not objectively identify (operationally, transactionally) having numerous requisites - preludes which could potentially manifest as significant and adverse reputation risks if left unacknowledged and unmanaged through neglect rooted in operational unfamiliarity about intangible assets.

The speed which events, acts, and behaviors manifest to become reputation risk…

In most circumstances which I am familiar, the speed which an adverse event, behavior, or act can progress to a reputation risk stage, is speculative at best. But, we can probably agree that most reputation risks are variously dependent on how quickly they are ‘outed’ and find a sympathetic and/or pre-disposed audience where ‘the issue’ resonates and achieves the requisite traction prompting it to rapidly escalate. Of course this is particularly true if such risks manifested in consumer – user death, injury, or adverse health challenges.

Respectfully aside from the above, the speed and trajectory which a particular (reputation) risk may advance is seldom more than a ‘best guesstimate’. In other words, it is dependent on numerous variables and factors, some of which can be favorably mitigated or absorbed, so to speak, while others intensify independently, regardless of the best efforts of risk prevention, mitigation, and management. That said, there is no shortage of company c-suites who naïvely assume that the speed which particular risks evolve to adversely affect a company’s reputation is far longer than what it ultimately is. C-suites would be well advised to recognize there is no conclusive evidence to suggest there are term (time) limits in which some categories-types of reputation risk can materialize and  rightfully exacerbate, just ask General Motors.

Reputation risks’ rear view mirror perspective…

Engaging in a quick scan of public domain articles published in business and academic journals, blogs, government agency oversight reports, and other open source media, one quickly sees there is no shortage of media that are purposed to draw attention to the adverse affects associated with materialized reputation risks, albeit with the benefit of a rear view mirror context.

Identifying and assessing reputation risks in a rear view mirror perspective, is not particularly challenging, as readers know. What I often find missing in such ‘monday morning analysis’ however, are assessments of a company’s desire or ability to distinguish the myriad of acts, behaviors, verbal miscues, or process oversights, etc., which…

  • can achieve the requisite traction, external appeal, and media attention to become full blown reputation risks, and
  • produce quick near and long term adverse effects to the victim company’s economics, competitive advantages, image, goodwill, and of course, reputation.

Too, I find there is no particular challenge to engage in a reverse investigation to reveal reputation risk points of origin and rationales why they intensified.

Realistically, are there any events, acts, or behaviors today which can’t plausibly manifest as reputation risk…?

In discussions with numerous senior executives across industry sectors regarding reputation risk, two routinely raised perspectives that are often framed with an air of rhetorical and contemptuous pessimism are,

  • ‘…it’s difficult to think of any event, act, or behavior, either intentional or inadvertent, discounting legitimate ‘whistleblowers, that exist in today’s increasingly competitive, predatorial, and gotcha business environment, which do not carry the potential to materialize as reputation risks so long as there are purposed, sympathetic, and righteous mediums willing to instantaneously disseminate and dramatize its significance’.
  • ‘…there preconceived agendas and/or motives embedded in open source – social media reporting of business risks which companies have knowingly elected to undertake and assume, but, once a risk materializes, it can simultaneously and adversely affect a company’s economics’, competitive advantages, market share and overall market space presence?

With respect to either of the above I am hard pressed to recall any management team member or executive who doesn’t, in their own nuanced words, respond affirmatively to one or both perspectives.

We just didn’t see it coming, that won’t happen to us…

These are two common refrains I and others routinely hear of which one thing is certain, anecdotally at least, there is ample evidence that numerous potential reputation risk events have been dismissed or overlooked by companies with the time honored, but rear view mirror declaration, ‘we just didn’t see it coming’.

Examining the phenomena of reputation risk through the lens of senior company executives, I sense, as an intangible asset strategist and risk specialist, there is substance to this perspective that’s worthy of study. Certainly, I am not advocating senior executives should adopt a passive or dismissive perspective toward reputation risks that merely meet some subjective criteria for being a potential (reputation) risk.

I do hold the view however, that in numerous instances when reputation risks have materialized, there is absolutely no surprise and are generally self-evident, especially since effective counsel on such matters is readily available.

Wisely though, risks that adversely affect a company’s reputation warrant much more study, because, among other things, it’s certainly no secret that the foundations for reputation risks to emerge and materialize into the public domain are often laid well in advance, perhaps even years of less than optimal stewardship, oversight, and management of specific intangible assets, particularly, intellectual, structural, and relationship capital.

As always, your perspectives and comments are most welcome at m.moberly@kpstrat.com.

C-Suites’ Reputation Risk

July 21st, 2014. Published under Reputation risk.. No Comments.

Michael D. Moberly    July 21, 2014   ‘A blog where attention span really matters’!


The intent of this post is certainly not to suggest there should be a greater sense of dismissiveness directed toward the various origins, motives, or consequences to materialized reputation risks, which companies and organizations with unfortunate and often times unnecessary frequency, encounter and ultimately are compelled to address.

What is reputation risk…

Responsibility for materialized reputation risk events is frequently and variously attributed to unfettered and barrier free entry to social media and/or blog platforms by agenda driven individuals or groups to communicate adverse views about what a company (a.) may have done, (b.) intends to do, or (c.) continues to do. This includes acts such as the use/application of products or services with known design or operational flaws or substandard contents in which there is public consumption, as well as litanies of other forms of neglect or indifference to potential adverse affects which any of the aforementioned can have on reputation.

An internationally respected colleague, Dr. Nir Kossovsky, characterizes (a company’s) reputation, and I agree, as equating with client and/or consumer expectation.

Logically, I would assume, corporate c-suites globally, have no argument with Dr. Kossovsky’s characterization because I routinely observe them stressing the importance which they and their company attach to accommodating and sustaining customer-consumer expectations and goodwill which leads me to draw several, albeit subjective, conclusions, i.e., there…

  1. There is a rather obvious disconnect between c-suites’ often robust and eloquent treatment of the necessity to meet or exceed customer expectations when those expectations and trust are sullied by a lack of consistent oversight.
  2. There is frequent and awkward ineptness demonstrated by company some c-suites when they endeavor to mitigate reputation risks which have become public.
  3. There are, what reasonable consumers would likely regard as genuine reputation breaches when a corporate c-suite is operating on either misplaced guidance or assumptions that the act or omission underlying the materialization of a reputation risk event must rise to some preconceived (ill-conceived) metric as a requisite to public and apologetically toned acknowledgment.
  4. If there is such a metric, aside from legal (liability) or insurance rationales, it may well be that the adverse event is resonating in a manner that leaves decision makers with no further ‘cover’ options.
  5. Presumably, some c-suites believe they have achieved a level of reputation risk awareness and countermeasure sophistication to effectively thwart prospective or even some materialized risks in that they can be localized or compartmentalized to sufficiently avoid or mitigate any far reaching adverse affects.
  6. So, should the above conclusions approach reality, which I believe they do, a final conclusion may well be that c-suites’ find safeguarding their company’s reputation to be a particularly troublesome category/type of risk to consistently sustain and effectively address, regardless of the origin or reason for a reputation risk to have materialized.
  7. Ultimately, I suspect that there are numerous c-suites have arrived at a point (in the context of business and economic globalization) in which manifestations of reputation risk appear indistinguishable insofar as those which can – will transcend a company’s headquarters to adversely affect their entire global presence?

Again, it may be little wonder then why reputation risk is often characterized as being the most difficult and challenging type/category of risk to manage!

As always, I welcome your comments.

Intangible Asset Damages

July 14th, 2014. Published under Intangible asset protection, Intangible asset training for management teams., Intellectual capital management.. No Comments.

Michael D. Moberly     July 14, 2014    ‘A long form blog where attention span really matters’.

A not-so-hypothetical circumstance…

The following represents a not-so-hypothetical circumstance which I’m confident many readers have encountered. For me, as an intangible asset strategist and risk specialist, it represents one of the more consistent and disconcerting challenges insofar as safeguarding intangible assets, for which I have no one-size-fits-all answer. The hypothetical begins this way. I have been invited by Company A’s management team to conduct intangible asset awareness training and assess their intangible assets.

During the early stages of the engagement, it quickly becomes apparent that Company A has developed and utilizes company centric proprietary intellectual capital (know how) that delivers efficiencies and market – sector competitive advantages. However, as the engagement proceeds, it becomes even more apparent that the firms’ management team lacks sufficient operational familiarity with those and other particularly valuable intangible assets they have produced in terms of identifying, unraveling, assessing, distinguishing, utilizing, exploiting, and safeguarding, etc.

With respect to each of the latter, the company’s failure to recognize the contributory value, sources of revenue, and competitive advantages their specialized proprietary intellectual capital (intangible assets) are delivering represents an obvious breakdown in asset stewardship, oversight, and management. Fortunately, it is a breakdown that not only must, but usually can be remedied providing the value and functionality (life) cycle of the asset or assets remain relevant and durable.

In defense of management teams…

I should say in defense of management teams’ absence of operational familiarity with (their firms’) intangible assets, such circumstances, unfortunately, are relatively common. That is, countless companies globally have deeply embedded, in their routine business operations and processes, a myriad of intellectual, structural, and relationship capital and other forms of intangible assets which frequently, for lack of a better explanation, are taken for granted and therefore remain unacknowledged, undervalued, and thus, at risk.

So, the maximum contributory value, competitive advantages, and efficiencies these assets could deliver may remain un-exploited, if not idle, throughout their potential functionality – value cycle.  Importantly, under such circumstances, a company may never fully recognize the economic or competitive advantage benefits. An especially unfortunate element to this hypothetical is that a company management team may have no perspective for the importance or necessity to preserve (safeguard) the contributory value and competitive advantages the asset are delivering, and which the company has likely, but unknowingly, grown dependent.

Ex post facto trade secrecy requisites…

So, one important question is, can, or should this company’s proprietary intellectual capital as portrayed here, be cast (ex post facto) as trade secrets?  This of course, representing one strategy to help remedy the situation?  More specifically, can these intangibles meet the six requisites of trade secrecy (ex post facto) when in fact, the proprietary intellectual capital has not previously been recognized nor treated in a manner consistent with those criteria?  Nor are any procedures/practices in place to safeguard, i.e., preserve control, use, ownership, and monitor value, materiality and risk to those assets, i.e., infringement, theft, and/or compromise? Admittedly, I am doubtful.

A second, and equally important question is that if, not when, this particular proprietary intellectual capital is stolen, copied, or otherwise compromised, absent having any specific (trade secret requisites) safeguards in place, does Company A have grounds to mount a viable legal recourse in terms of seeking damages, assuming of course, the firm becomes sufficiently aware in a timely fashion that such adverse acts, i.e., the loss, theft, and/or compromise, have actually occurred?

The patent statute…

As articulated by Scott Hampton, Hampton IP and Economics, USC 35, 284, often referred to as the ‘patent statute’, states that patent infringement damages should be in an amount adequate to compensate the patent holder for the defendant’s infringement of the patent-at-issue.  But, in this hypothetical, Company A, the developer of the intangible assets, but previously unacknowledged user, has neither filed or been issued a patent, so this prospective remedy strategy seems, at best, very shaky, if not irrelevant.

Given my predilection that risks, i.e., theft, misappropriation, compromise, etc., to most intellectual capital assets will materialize with litigation promoted as the relevant strategy to try to regain control and use of the assets, plaintiffs will routinely endeavor to make a determination, usually early, as a element of the pre-litigation process, whether to seek lost profit – competitive advantage damages, or limit the remedies they are seeking to a reasonable royalty?  Again, its doubtful either are viable strategies for this particular hypothetical, but nevertheless, worth exploring.

Most companies do not go down the conventional intellectual property path…

It’s useful to recall at this point that today, globally speaking, it is an economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability either lie in – evolve directly from intangible assets of which conventional intellectual properties are merely one type or category of intangible asset.  However, a reasonably high, but realistically unknown percentage of companies with developed intellectual and structural capital assets presumably and purposefully opt out of the conventional intellectual property (patent) path due in large part no doubt to the expense.

So, the intent of this post is to bring clarity to the initial dilemma (question) in Company A’s hypothetical, that is, with its contributory value and efficiency – competitive advantage delivering intangible assets, can it be realistically be positioned (ex post facto) to legally seek monetary damages if key proprietary intellectual capital – structural were to be stolen or compromised when conventional intellectual properties, i.e., patents or trade secrets were not in place from the outset?

Panduit Corporation v. Stahlin Brothers Fibre Works, Inc.

Hampton points out, as we know, there is no single method for calculating lost (profit) damages, but the most common is a four-part test first recognized in 1978 in case of Panduit Corporation v. Stahlin Brothers Fibre Works, Inc.  According to the Panduit test, says Hampton, to obtain damages, the profit, in our  Company A hypothetical, a real patent owner must prove…

  • a demand exists for the (patented) product or presumably process, i.e., intellectual and structural capital.
  • there is an absence of acceptable (non-infringing) substitutes in the current market space.
  • there is sufficient manufacturing and marketing capacity to exploit that demand, and
  • with some reasonable precision, the amount of profit Company A would have made, had the adverse act not occurred.

Hampton also points out there are other means of proving lost profit damages in addition to the above Panduit test, such as measuring increases in the cost of product inputs.  Is it feasible then, for Company A to plausibly characterize the latter as costs related to the development (internally) or acquisition (externally) of other suitable (replacement) intellectual capital for that which had been misappropriated – comprised?

Please consider the following as a respectful call to action!  That is, for companies operating in the increasingly and irreversibly competitive and predatorial knowledge-based global economy where growing percentages of most company’s value, revenue, profitability, and sustainability are inextricably linked to the use and exploitation of their intangible assets, i.e., intellectual, relationship, and structural capital, most all of which are quite vulnerable when effective processes – procedures are not in place, i.e., (a.) to sustain – preserve asset control, use, ownership, value, and monitor their materiality and risk, and (b.) for asset stewardship, oversight, and management,

A special thanks to Scott Hampton, Hampton IP and Economics for the inspiration for this post at http://hamptonip.com

As always, reader comments are most welcome.

Economic Espionage Economic Consequences

July 12th, 2014. Published under Economic Espionage, Intangible asset protection. No Comments.

Michael D. Moberly    July 12, 2014     ‘A long form blog where attention span really matters’.

Economic Espionage Act of 1996…

I have been consistently engaged in studying, conducting investigative research, publishing, and consulting on a variety of ‘open source’ matters related to economic espionage beginning well in advance of the passage of the Economic Espionage Act in 1996. Admittedly, while my interest in economic espionage issues are broad based, having served fulltime in academia for 20+ years, much of my interest has been directed toward the targeting and victimization of university-based research and corporate-university research alliances by insiders, competitor intelligence, data miners, information brokers, and foreign (independent and state-corporate sponsored) entities, and now ‘legacy free players’.

A distinctive aspect of my work in this arena is that I began to characterize these entities as ‘economic and competitive advantage adversaries’ as a more relevant descriptor of…

  • the variants of economic espionage that exist today
  • the range of domestic and international parties engaged.

Admittedly, this descriptor reaches beyond the definitions (precise requisites) codified in the federal Economic Espionage Act (18 U.S.C. § 1831-1839) statute. Doing otherwise, in my judgment, is limiting, and does not begin to convey the currency, depth, and breadth of this persistent and extraordinarily predatorial risk.

Capturing diversity and methodology of global players…

Too, I believe the phrase ‘economic and competitive advantage adversaries’ better captures the diversity of global players in terms of what and why particular assets are targeted, adversary’s motivations, as well as a testament to the ‘layered methodologies’ which are challenging to unravel with respect to those actually engaged in the acquisition initiative and the ultimate and/or primary (end) beneficiary of the acquisition.

My intent for re-phrasing the time honored (economic espionage) language are that it…

  • brings greater relevance to businesses and companies and elevates their recognition that the theft or acquisition of their proprietary information, ala trade secrets, has many more dimensions and facets today compared to when the EEA became Federal law in October, 1996.
  • indicates the targets are not exclusively national security and/or defense related.

Ultra sophisticated data mining…

The product, i.e., intangible asset acquisition, analysis, and insight, etc., capable of being delivered to an end user(s) through the application of sophisticated and frequently ‘off the shelf’ data mining technologies by economic and competitive advantage adversaries today is phenomenal by any standard or metric.

Determining who the ultimate end user or beneficiary is…?

Of the countless global entities, independent operators, and legacy free players engaged in some aspect of business, competitive intelligence, and/or information brokering today whether it be legitimate or illegal, believe me, it’s not necessarily a simple task to identify precisely who the real end user (beneficiary) of the work product will be or actually is.

Absent knowing who the real beneficiary of any misappropriated – stolen information-based intangible assets is, understanding how such assets will (can) be used or applied, once acquired and delivered, particularly if there are dual-use features involved, is useful. Still it remains challenging to objectively quantify, in dollar terms, the adverse economic, including competitive advantage, reputation, market share, etc., consequences attributed to any single event or collective loss.

Economic and competitive advantage adversaries…

I do believe reframing conventional economic espionage activities in a context of ‘economic and competitive advantage adversaries’ has substantially greater relevance in today’s increasingly competitive, aggressive, predatorial, and winner-take-all global business transaction, R&D, and new product launch environments.

Too, as the global economies’ become increasingly intertwined, yet overwhelmingly dominated by highly valuable intangible assets, particularly intellectual, structural, and relationship capital, achieving most any economic and/or competitive advantage is all but sure to outweigh the relatively minimal risk associated with most targeting and intelligence collection-acquisition initiatives. In other words, it has become obvious to me and I’m sure others as well, that the significant potential benefits of securing an economic and/or competitive advantage in a specific market or industry sector exceeds, intellectually at least, most costs and/or risks.

To anyone paying more than passing attention to economic (cyber) espionage today, they should recognize the adverse activities described above, as evolving from primarily targeting defense and national security projects to an unrelenting, costly, and inevitable risk for most any (public-private) commercial entity, regardless of size or industry sector, in which valuable intangible assets are being produced and applied. It is the intellectual, structural, and relationship capital which have become the globally universal forms of currency, often with company and/or country specific application and relevance.

Extrapolating costs of economic espionage…

As for extrapolating the costs – losses of economic espionage (acts of economic and competitive advantage adversaries) to a single company or to an individual country’s economy, either as a whole or to a specific industry sector, such analysis comes with a host of challenges, not the least of which is the often subjective nature of the calculations which, it’s not unrealistic to assume, are embedded with various corporate, government, policy, and political agendas.

Interestingly, in the 25+ years that I, and numerous others, many of whom have become colleagues, have been examining and consulting in the economic espionage arena, there is little that I can readily point to insofar as objective methodologies to measure…

  • the specific damages and/or costs to a targeted/victim company.
  • how to specifically attribute –differentiate the source of those losses to acts of economic espionage, and then
  • extrapolate that data to either the U.S. or other country’s economy as a whole.

….aside from using the ‘contributory value’ approach.

Go fast, go hard, go global…

For example, the full range of economic – competitive advantage repercussions from a single incident/act of ‘economic espionage’ is challenging to fully grasp, in part due, I suggest, to the go fast, go hard, go global business transaction environment which most businesses now routinely function and the multitude of valuable intangible assets being produced.

Exacerbating this phenomena is the reality that a company’s awareness of trade secret – intangible asset theft or compromise seldom, in my experience, emerges immediately. Thus, its adverse economic – competitive advantage consequences to the victim company can only be objectively calculated if the consequences can be specifically attributable to an economic – competitive advantage event and should be done so in both strategic (long term) and near term contexts.

A rationale…

My rationale is that a single (stolen, misappropriated, compromised) trade secret and/or proprietary information (intangible asset) frequently involves multiple iterations and combinations of intellectual and structural capital being embedded which, in a strategic context, may be applicable to variety of products and/or services in different industry sectors.

It’s worth reminding readers of the globally universal economic fact, that today, 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, competitive advantage, and sustainability lie in – evolved directly from intangible assets.

I am not suggesting that the loss, theft, or compromise of a single trade secret or intangible asset is immeasurable. Rather, I am suggesting that measuring the real economic loss to a company must include objective near and long term calculations which can only come, in my view, from recognizing that trade secrets (proprietary know how) can readily become embedded with not just one, but numerous (proprietary) intangible assets.

As always, your comments are appreciated at m.moberly@kpstrat.com

Know What You Don’t Know About Intangible Assets!

July 11th, 2014. Published under Intangible asset training for management teams., Managing intangible assets. No Comments.

Michael D. Moberly    July 11, 2014    ‘A long form blog where attention span really matters’!

Know what you don’t know about intangible assets…

So, how is Michael Roberto’s book ‘Know What You Don’t Know, How Great Leaders Prevent Problems, Before They Happen’, relevant to intangible assets?  While, I dislike having to make such an admission, there is this lingering that still, a probably significant, but actually unknown percentage of business management teams and c-suites, etc., remain operationally and financially unfamiliar with their firms intangible assets.

As an intangible asset strategist and risk specialist, the obvious theme of Dr. Roberto’s book, i.e., its title, translates very well with one of my themes’ expressed consistently throughout this blog, that is, elevating intangible asset awareness among company c-suite’s and management teams and putting a company’s intangible assets to work as tools to elevate and sustain a company’s value, create new streams of revenue, and fortify competitive advantage. In other words, prevent problems before they occur.

The initial path to ‘preventing problems before they occur’ begins by encouraging business policy and decision makers to genuinely engage, and let’s be clear on this, the economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability today lie in or directly evolve from intangible assets!

From problem solving to problem finding…

In Chapter 1 of Roberto’s book for example, appropriately titled by the way, ‘from problem solving to problem finding’ the author commences with a very relevant quote from G.K. Chesterton which I take the liberty of paraphrasing somewhat, i.e., ‘it isn’t that management teams can’t see the solution, rather it’s that they often can’t see the problem’.  The problem not seen, in my view, resides in overlooking and/or dismissing intangible assets as comprising the real sources of most company value, revenue, and competitive advantage as noted above.

The author (Roberto) makes many other introspective points, which I genuinely believe translate as strikingly relevant paths for not merely elevating management team awareness and operational familiarity with intangible assets, but also, for intangibles to become routine discussion – action items on c-suite and management team meeting agendas.

To pursue this example further, I am confident that numerous company management teams would agree, there are benefits to occasionally reversing conventional thinking, i.e., from problem solving to problem finding! By this I mean, for a substantial percentage of companies globally, the intangible assets their businesses routinely produce, frequently become embedded in various operations and transactions, but remain unrecognized, undistinguished, and otherwise not exploited to the level possible.

So, put another way, in a global business environment in which such substantial and irreversible percentages of business growth, competitive advantages, value, sources of revenue, and transactions, in general are essentially being underwritten with parties’ intangible assets, too me, this signals a significant ‘business problem’ if senior members of a company’s management team remain operationally and financially unfamiliar with the intangibles in play, and leave them unrecognized and undistinguished insofar as their contributory role and/or value are concerned.

Simply stated, this is no longer an arguable point and its resolution merely requires recognition of intangibles. For me, this constitutes a reasonable and certainly valid motivator for management teams and c-suites, whose companies may be experiencing challenges, to shift from problem solving to problem finding. Problem finding may well lie in the absence of or poorly executed practices for…

  • sustaining control, use, ownership, and monitoring intangible assets’ value, materiality, and risk
  • enhancing a company’s value, sources of revenue, market share, reputation, brand, and competitive advantages, and
  • mitigating risks intangible assets.

More specifically, exhibiting disregard of, or dismissiveness toward a company’s intangible assets, particularly those with most companies routinely produce can be and often is ‘the’ problem’ and its resolution is straightforward as described here in numerous posts under the category of ‘training’..

To continue though, as readers know, a time honored starting point for solving most problems is conventionally speaking, recognizing a problem exists and/or risk has materialized with ‘problem finding’ coming through management teams’ introspection that preferably follows.  So, ‘taking a page’ from Roberto’s book, one strategy for remedying high value problems companies experience, should commence by finding/identifying the intangible assets in play.

In the context of‘ ’knowing what you don’t know and how great leaders can prevent problems for they happen’ means adding personal characteristics of anthropology and ethnography to one’s managerial repertoire.

For example, in the context of this blog, being an ethnographer would encompass identifying and observing a firms’ producers – developers of intangible assets on the proverbial shop floor, i.e., in their natural settings, wherever that may be.  In other words, ‘finding the problem’ means avoiding simply asking employees how things are going, or relying on survey data or focus groups as the dominant or sole methods for acquiring insight, i.e., problem finding.  Instead, management teams should actually ‘watch what employees do, in the same manner as an anthropologist.  That is, engage and observe how employees, customers, clients, and suppliers, etc., actually behave and interact.

This leads not only to ‘problem finding’ but more importantly recognition and appreciation for the intellectual, structural, and relationship capital (intangible assets) that are woven into each.

By conducting such observations through an anthropological and ethnographic lens, management teams can become more effective and confident ‘problem identifiers’, in large part because they have become more adept at distinguishing – analyzing the contributory role and value of their firms’ intangible assets absent subjective, misleading, or over analyzed data that sometimes leads to biases and misconceptions.

Too, by making observations through these distinctive lens, management team members are better positioned to not just identify what and how intangible assets are being used, but, if they are being used effectively, and which, if any, intangible assets need to be developed or acquired and ultimately integrated to make those processes better.

This post was inspired by Michael A. Roberto’s book ‘Know What You Don’t Know…How Great Leaders Prevent Problems Before They Happen’, Wharton School Publishing, 2009.

I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com.