Economic Espionage, Can There Be A Rationale?

November 15th, 2014. Published under Economic Espionage, Insider Theft of IP and Intangible Assets. No Comments.

Michael D. Moberly   November 15, 2014   ‘A blog where attention span really matters’!

Peculiarly perhaps, economic espionage has been an arena which I have devoted consistent interest and work for 25+ years when I began designing and conducting independent investigative research projects into global economic – competitive advantage adversaries stealing intellectual properties belonging to university-based R&D and their spinoff companies.

One obvious outcome to my work in this arena is that I would be hard pressed to conceive of any rationale whereby economic espionage would be portrayed in other than the most negative context, particularly how it has morphed today as becoming consistent and sophisticated barrages of cyber theft.

Industrial (economic) espionage and its close cousin product piracy and counterfeiting are certainly not new phenomena as each have presented consistent challenges since man first began etching distinguishing (trade) marks on their products.

I remain intrigued however by the boldness of Drs. Whitney and Gaisford (then) of the University of Calgary, in their 1999 paper titled ‘Rationale For Economic Espionage’. While their perspective is thoughtfully articulated, and not without some merit, economic espionage remain as acts which most countries’, institutions, and companies find repugnant and devote substantial resources to combating.

Whitney and Gaisford posit economic espionage can yield strategic, competitive advantage, and cost savings to the beneficiaries. On that point, no argument here! So, when technologically advanced entities are targeted and spied upon, it’s feasible, Whitney and Gaisford suggest, that both may ultimately be better off. The ‘better off’ in this instance, translates as the ‘transfer of technology’ which some argue has become the primary path to world’s greatest transfer of wealth.

As always, readers comments are welcome and respected!

Three Things Business Leaders Should Know About Intangible Asset Risk

November 13th, 2014. Published under 'Safeguarding Intangible Assets', Reputation risk.. No Comments.

Michael D. Moberly    November 13, 2014    ‘A blog where attention span really matters’!

Risks to intangible assets can materialize rapidly and cascade throughout an enterprise and its supply-value chain to adversely affect a company’s reputation, brand, competitiveness, and sources of revenue. With growing frequency materialized reputation risks are long lasting insofar as returning to operational normalcy and have become a costly and time consuming endeavor. It’s clear now, in a growing number of instances significant reputation risks can be, quite literally, irreversible. As an intangible asset strategist and risk specialist, companies operating in today’s aggressively competitive, predatorial, and winner-take-all global business environment, it is essential to recognize that company value, competitiveness, and primary sources of revenue are dominated by intangible assets, as such…

  1. intangible assets should not be construed as merely constituting new business jargon with responsibilities and/or tasks which can be dismissed or neglected based on the misapprehension it will get done as time permits, when the resources become available, or when competitors are seen doing it!
  2. the responsibilities associated with managing and safeguarding intangible assets, i.e., preserving their control, use, ownership, and monitoring their value, materiality, and risk are very much akin to fiduciary responsibilities as described in Stone v. Ritter, 911 A.2d 362 (Del. Supr. 2006).
  3. in today’s increasingly ‘flat world’ (Thomas L. Friedman) in which R&D, global business transactions, and company operations are routinely conceived, driven, and executed by the interconnected flow of data and information, i.e., intangible assets in the form of intellectual, structural, and/or relationship capital, it’s all the more important that management teams converge their expertise to ensure the intangibles that are in play, are effectively safeguarded and positioned to realize the economic and competitive advantage benefits which they are capable of delivering without succumbing to risks, challenges, or other forms of asset compromises.

To enable this to occur, business leaders and management teams are obliged to execute the necessary and effective practices, processes, and strategies, along with a (enterprise-wide) culture which (a.) recognizes and appreciates intangible assets, and (b.) possesses levels of alertness and skill to sustain key assets’control, use, and ownership.

As always, readers comments are encouraged and most welcome!



Intangible Asset Literacy

November 12th, 2014. Published under Intangible asset strategy, Intangible asset training for management teams.. No Comments.

Michael D. Moberly    November 12, 2014     ‘A blog where attention span really matters’!

Avoid being a management team member or business decision maker that is reluctant to engage or is dismissive of their company’s intangible assets!

Unfortunately, I still routinely find management team members and business decision makers who convey an inclination to interpret the phrase ‘knowledge-intangible asset based global economy’ to be more (a.) cliché than reality, and (b.) relevant to Fortune 500’s, presumably rich in intellectual property, know how, and R&D, than small, medium size and entrepreneurial companies..

Obviously, I do not share such ill-fated perspectives, rather, I advocate this reality…unless and until more management teams, c-suites, D&O’s, shareholders, investors, and growing numbers of stakeholders begin recognizing…

  • intangible assets comprise 80+% of most company’s value, sources of revenue and foundations for growth, profitability, and sustainability.
  • the prudence of consistently engaging the intangibles their company produces or acquires and practice effective stewardship, oversight, and management.
  • the necessity to develop practical strategies to sustain control, use, ownership, and monitor asset value, risk, and materiality

…otherwise, these companies will not experience the growth, which most are capable, instead will find themselves in a downward and perhaps irreversible trajectory relative to their (a.)  competitors and market space, and (b.) value, sources of revenue, and strategic ‘building blocks’ for growth, profitability, and sustainability!

In addition, should such intangible asset illiteracy and dismissiveness persist, numerous other potential adverse outcomes will likely occur, among them being…

  • significant unrealized (asset) value and exploitation opportunities are left on the proverbial table
  • assets will remain vulnerable to the myriad of economic and competitive advantage adversaries (globally) to acquire and exploit to enhance their company or client.

As always, reader comments are most welcome!

Reputation Risks vs. Public Relations

November 5th, 2014. Published under Enterprise risk management., Fiduciary Responsibility, Reputation risk.. No Comments.

Michael D. Moberly     November 5, 2014   ‘A long form blog where attention span really matters’!

‘Houston, we’ve got a problem’!  The problem, in my view, is that there are far too many business decision, makers, c-suites, boards, and management teams who persist in framing and seeking resolution to their company’s – businesses’ public persona through conventional public relations lens and not as, in most instances, they should, through a very nuanced and sector specific reputation risk lens.

There seems to be no end to the number of globally operating companies, irrespective of sector, which have taken substantial ‘direct hits’ to their reputation of late. To be sure, reputation risk is certainly not the exclusive domain of Fortune designated firms. And too, there is no indication the number, or the criticality associated with reputation risks will diminish, at least in the near term.

Relevant U.S. Congressional Committees are consistently geared up for investigatory hearings, and yes, numerous have political underliers. That notwithstanding, they all essentially seek answers to the proverbial questions, i.e., who knew what, when did they know it, and what, if anything, did they do about it upon first learning about it’.

Collectively, this should prompt us to ask, and quite correctly so in my judgment…

  • are these mere public relations issues which presumably can be adequately managed through various conventional and social media platforms and public statements and presumptively dissipate with no long term detrimental – adverse financial and/or competitive advantage affects?
  • or, are adverse acts, events, and/or oversights that materialize, the inevitable outcome of dispersed manufacturing and operational (quality control) failures, which, when they come to light, have a higher probability of manifesting as substantial, long term, and potentially irreversible (semi-permanent) risks to a company’s reputation which conventional public relations initiatives may exacerbate instead of ameliorate.

The intangible asset ‘risk of risks’ is a company’s reputation!

Company reputation is an intangible asset of the first order.  So, perhaps it would be useful to say again it an economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, competitiveness, and sustainability lie in or evolve directly from intangible assets, of which reputation is one.

Respectfully, I suspect this economic fact may have prompted The Economist’s Intelligence Unit (EIU) to produce a ‘global risk briefing’ paper titled Reputation: Risk of Risks.

Company reputation is defined (in the Economists’ report) as ‘how a business is perceived by stakeholders, including customers, investors, regulators, the media, and the wider public’.  To be sure, a company’s reputation ‘declines when things fall short of expectations’.  When not one, but multiple consumers – users expectations are not met by a company’s products or services, then it’s unlikely comprehensive and long term remediation will come through conventional public relation strategies.

Company reputation is a prized and increasingly valuable, yet vulnerable and even sometimes fragile asset which the respondents to the EIU survey agreed by stating that sustaining a positive company reputation is a main concern for the majority of risk managers, ahead of, for example…

  • regulatory risk
  • human capital risk
  • IT network risk
  • market risk, and
  • credit risk.

It’s fair to say now that company reputation risk has risen to the level of being a fiduciary responsibility (and concern) that extends well beyond senior risk managers to being permanent fixtures on company management team dashboards, i.e., Stone v Ritter.

In most instances, companies would be well advised to acquire a deeper appreciation, clarity, and understanding of the asymmetric nature (elements) of reputation risk which can be summed up as…unsatisfactory (poor) company reputation can rapidly, and often times irreversibly and adversely affect a company economically and competitively, aside from the embarrassing and probing questions that will be inevitably posed by the media Congressional Committee members, especially, those who have constituent(s) who personally suffered due to a company’s obvious absence of understanding and correcting reputational risks in a timely manner.

Preferably, reputation risks are identified, assessed, and remediation is commenced in a manner that meets or exceeds regulatory agency oversight, statutory requirements and before unwitting consumers die or become injured as a consequence.

As always, readers comments are most welcome!

New Drivers of Computer/IT Security: Contributory Value, Materiality, and Risk!

November 4th, 2014. Published under Cyber security, Enterprise risk management.. No Comments.

Michael D. Moberly   November 4, 2014   ‘A blog where attention span really matters’!

Achieving efficiencies by differentiating the information and data being safeguarded…

Aside, for the moment, statutory and regulatory mandates, I am increasingly confident the day is quickly approaching (in many instances, it already has, in my judgment) when it becomes impractical for companies to assume the costs and time of installing ever bigger, one size fits all, snap-shot-in-time firewalls and data/information security – protection systems and products to try to thwart the growing numbers of intensely sophisticated and global economic and competitive advantage adversaries and legacy free players, aka hackers.

There are two key and inter-related reasons why I believe this to not only be true, but an inevitability.

First, it is a globally universal and irreversible economic fact that rising percentages – 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – evolve directly from intangible assets, primarily in the form of intellectual, structural, and relationship/social capital and other forms of intellectual property.

Second, data/information generation, storage, and archival needs are continually ratcheting up from megabytes, gigabytes, to terabytes+, particularly in intangible asset intensive and dependant companies and R&D sectors.

So, out of necessity to achieve cost efficiencies and a more specified return on investment, technologies must be developed with heretofore unique capabilities to differentiate company information and data that should receive the maximum IT/computer safeguards, which initially I propose, encompass the following four factors, i.e., the (intangible) assets…

  • contributory value to a particular project, product, and/or the company’s mission.
  • continued materiality to a particular project, product, and/or the company’s mission.
  • level of assessed risk to theft, infringement, misappropriation, etc.
  • relevance to a company’s reputation (image, goodwill, brand) etc.

IT-Cyber Security Driven By Data/Information Value

October 29th, 2014. Published under 'Safeguarding Intangible Assets', Cyber security. No Comments.

Michael D. Moberly    October 29, 2014   ‘A long form blog where attention span really matters’.

Computer/IT breaches breeding grounds for reputation risks…

Wisely, businesses are, for compliance, liability, and reputation reasons, quietly, but rather desperately seeking current and what they believe to be the most effective technologies and software to secure the data and information they produce, transmit, and store which has presumptively and legally been entrusted to their care and control.

Prompting and exacerbating these circumstances have been numerous, very public data breeches and thefts particularly those afflicting large retailers victimized by conglomerations of hackers who acquire untold numbers of personal identifiers and credit information.

Certainly no argument here when such adverse events/acts successfully target a business, in most instances they, quite correctly, produce very public outcry and oversight agency ridicule which, in many instances, rapidly manifests as reputation risk, which an unfortunately high percentage of c-suites and management teams appear to assume, can be just as rapidly stabilized or favorably reversed.

How such adverse events are conceptualized…

What I am proposing is that an unnecessarily high percentage of business leaders and management teams, including the IT/computer security software development community are inclined to conceptualize adverse events affecting data/information, and the economic, competitive advantage, and reputation challenges that follow, through a security vs. an asset value and safeguard lens.

Of all the seminars and product demonstrations I have attended over the span of 25+ years, I am hard pressed to recall any IT/computer security software developer, manufacturer, or vendor frame their products’ advantages in an asset (data, information) value and/or safeguard context.

Asset value can be characterized in many ways…

Asset value of course can be characterized in numerous contexts, aside from the conventional dollar guesstimates, e.g. its proprietary status, its sensitivity to its owner – holder, or its ‘contributory value’.

Efficiencies will accrue…

I am suggesting that efficiencies can accrue to data/information safeguards if IT/computer security…

  • were designed to reflect data/information value vs. the ever changing and sophisticated risk – threat trends emanating from the global hacking and cyber warfare entities.
  • software were designed to detect and differentiate information asset value fluctuations and materiality and reflect same in gradations of data/information security.

The efficiencies that would then accrue to IT security systems and companies in general, merely by not treating all data/information as if it had equal standing or its value was constant.

As always reader comments are most welcome!

Company Culture, It’s A Necessity, Not A Luxury or Option!

October 23rd, 2014. Published under Company culture and reputation., Intangible asset strategy. No Comments.

Michael D. Moberly    October 23, 2014   ‘A blog where attention span really matters’!

Company culture is a valuable, but intangible asset…

Readers recognize that a company’s ‘culture’ is a valuable and operationally and strategically critical collection of intangible assets which can favorably or unfavorably affect brand, image, goodwill, structural capital, and competitiveness.

As the U.S. and other countries’ businesses began their emergence from the economic doldrums of previous years, the Society for Human Resource Managers (SHRM) commissioned a survey in 2012 which queried 770 human resource leaders about significant workforce management and staffing challenges which the respondents reported, in rank order, the following…

  • company culture management
  • employee engagement
  • employee retention
  • effective performance management, and
  • employee recruitment.

While I am confident readers’ and intangible asset strategists do not find these findings particularly revelatory, they are instructive. For example, when considered in the context that a ‘company’s culture’ frequently constitutes a convergence of intangible assets a full 90% of the survey’s respondents identified ‘company culture management’ as being (a.) important, or (b.) very important!  For company culture advocates like me no particular surprise there.

Issues to take note of…

One is, the surveys’ findings should prompt management teams and c-suites to recognize that devoting time, energy, and a modicum of resources to building – developing, and sustaining an effective and sector relevant company culture will, in most instances, deliver strategically favorable and measurable returns that contribute directly to a company’s value, sources of revenue, and sustainability.

Second, the surveys’ findings give persuasive credence to the view that a well managed and customer/client/sector relevant company culture, whereby employees, management teams, c-suites, and boards collectively recognize, respect, and are consistently committed to sustaining the necessary intellectual, structural, and relationship capital, i.e., intangible assets, can, with little doubt, elevate a company’s overall performance.

Third, integral to both of the above lies the globally universal economic fact – business reality that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for achieving growth, profitability, and sustainability today lie in or evolve directly from intangible assets, one of which, of course, is the sustainability of a sector relevant company culture!

Reputation Risks Are Predictable

October 21st, 2014. Published under Reputation risk.. No Comments.

Michael D. Moberly   October 21, 2014   ‘A long form blog where attention span really matters.’

In most instances, there are numerous preludes to the materialization of reputation risk…

I am hard pressed to recall any company or organization I have engaged on intangible asset matters in recent years, irrespective of industry sector, that most anyone with a modicum of familiarity with ‘reputation risk’ could not have identified at least one probable and substantial (reputation) risk waiting to materialize. Naysayers, for which there are many, often argue that risk in general, and reputation risk in particular are inherent facets of doing business in highly competitive and predatorial global environments.

But, seldom, in my view, do reputation risks inexplicably materialize absent the presence of certain’ risk preludes’ or prerequisites, many of which are recognizable in advance, but dismissed, neglected, or arrogantly characterized as merely being drivers of a competitive company’s culture.

A significant percentage of reputation risks erupt when (a.) certain ‘reputation undermining’ acts, behaviors, events, decisions, or culture are tolerated or encouraged and interact with a company’s operations, its transactions, or strategic planning, or (b.) management teams are unfamiliar with the development of intangible assets of which reputation is one.

The speed and trajectory of reputation risks…

The speed which adverse events, acts, and behaviors can coalesce to become legitimate reputation risks remain somewhat speculative in as much as they are variously dependent on (a.) the time frame in which a materialized risk becomes public knowledge, (b.) the adverse economic and competitive advantage affects the risks are producing, and (c.) whether the risk finds a receptive and pre-disposed audience where the risk resonates and achieves the requisite traction which prompts its escalation. This is particularly relevant when a risk manifests in consumer – user death, injury, or adverse health.

Similarly, the trajectory which a particular (reputation) risk may take is seldom more than a ‘best guesstimate’. In other words, the trajectory of a reputation risk is similarly dependent on numerous variables and factors coalescing in a global business climate in which risk in general are become more asymmetric , multi-faceted, and complex insofar as mitigation or internal absorption is concerned.

It is true that some forms of reputation risk intensify quite independently, irrespective of risk prevention, mitigation, and management initiatives. Unfortunately, there is no shortage of company c-suites who naïvely assume that the speed which some reputation risks materialize and the trajectory those risks may take is longer and more predictable than what it ultimately is.

Management teams and decision makers would be well advised to recognize there are few, if any, term (time) limits in which some types of reputation risk can materialize and  produce costly and quasi-permanent damage, just ask General Motors.

Reputation risks’ rear view mirror perspective…

Engaging in a quick scan of public domain articles published in business and academic journals, blogs, government agency oversight reports, and other open source media, one quickly sees there is no shortage of media that are purposed to draw attention to the adverse affects associated with materialized reputation risks, albeit with the benefit of a rear view mirror context.

As readers know, identifying potential – probable reputation risks is not, standing alone, a particularly challenging task. But, merely identifying a potential risk seldom includes the necessary analysis and assessment of a company’s desire or ability to distinguish the myriad of acts, behaviors, verbal miscues, or process oversights, etc., which…

  • can achieve the requisite traction, external appeal, and media attention to become full blown reputation risks, and
  • produce rapid, near and long term adverse effects to the victim company’s economics, competitive advantages, image, goodwill, and of course, reputation.

Similarly, I find there is no particular challenge to engage in a ‘bomb damage assessment’ or reverse investigation in order to reveal reputation risk consequences. What’s necessary is to recognize and understand the points of origin and rationales why a reputation risk materialized in the first place and why it intensified.

Reputation Risk Mitigation Emerging As A Security Specialization

October 17th, 2014. Published under Reputation risk., Uncategorized. No Comments.

Michael D. Moberly    October 17. 2014    ‘A blog where attention span really matters’!

Business reputation risk emerging as a specialized security discipline…

Mitigating business reputation risk is evolving into a specialized discipline and presumably one that will eventually produce some obligatory (dedicated) education and certification not unlike what is already associated with other disciplines with standalone specializations. For example, in the security and asset protection field, the American Society for Industrial Security International has differentiated its membership interests and expertise through 29 Councils, each reflecting a particular facet of security, loss prevention, and asset protection to the private, public, and government sectors.

With respect to mitigating company reputation risk, I suspect, in the not too distant future, ASIS International will recognize the relevance and distinctive contributions made by reputation risk specialists and accordingly adopt another Council.

Public relations argue reputation risk rooted there…

There are countless public relations firms and solo PR practitioners who characterize mitigation and management of reputation risk as having roots in their profession and thus should be and frequently tweak there services accordingly to convey their profession as the presumptive lead, insofar as being the logical first choice resource and service which companies experiencing materialized reputation risks should turn to for mounting a response, and monitoring, mitigating, and managing such risks.

Rising percentages of security practitioners engaged in reputation risk issues…

Interesting, in as much as I am an intangible asset strategist and risk specialist, I find, anecdotally, admissions of rising percentages of security, loss prevention, and asset protection practitioners time being devoted to addressing risks related to a companies’ intangible assets which reputation, brand, image and goodwill are certainly integral components.

A recent example of security’s rising interest in and obvious mandate to learn more and engage company reputation risk was evidenced by the first full presentation devoted exclusively to reputation risk being accepted for delivery at ASIS Internationals’ 2014 (September 28 – October 1) Annual Seminar & Exhibits. The speakers for this presentation were myself, Dr. Nir Kossovsky, and Kevin Peterson with the session attracting 100+ attendees.

Security professionals are frequently horizontal lookers and thinkers…

Often, I find security, loss prevention, and asset protection practitioners possess a distinguishing attribute, that being horizonal looking and thinking. In other words, they are inclined to foresee and devise on strategies to deter, mitigate, if not prevent, new and anticipated risks and threats before they materialize and adversely affect their employer or clients’ assets. More specifically, security professionals are acquiring a stronger appreciation for the economic fact that 80+% of most companies value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – evolve directly from intangible assets, which again, company reputation is one!

Another favorable product to security’s elevated operational familiarity with intangible assets sector – discipline specific experience with intangibles is that their ‘horizontal attributes’ render them both inclined and able to identify and unravel niches of overlooked – unmet business risks, and challenges which warrant resolution, ala risk to a company’s reputation.

Too, security administrators are well positioned to draw attention to such unrecognized or dismissed risks by characterizing them in probable, costly, and often irrevocable impact contexts.

As always, reader comments are most welcome!

CENTRA Technologies: Estimating the Economic Costs of Espionage

October 8th, 2014. Published under 'Safeguarding Intangible Assets', Economic Espionage. No Comments.

Michael D. Moberly    October 8, 2014     ‘A long form blog where attention span really matters’.

CENTRA Technologies 2010 study, ‘Estimating the Economic Costs of Espionageclose to perfection…

In an excellent, but somewhat overlooked, report published in May, 2010 and prepared for CENTRA Technology by the George Bush School of Government and Public Service at Texas A&M University, ‘researchers constructed a model initially designed for use by the government sector, but which, I find, has relevance to the private sector because it measures economic espionage losses by industry sector.

More specifically, the model identifies and distinguishes the severity and consequences of economic – cyber espionage incidents to the U.S. economy. The ‘CENTRA’ model which Texas A&M researchers constructed…

applies a (loss) ‘severity score’ between 0 and 1, and include open source (case study, incident) information so as to provide a qualitative estimate of the economic “consequences”.

  • low
  • moderate, and/or
  • high adverse (economic) consequences – losses, relative to
    • the victim company’s industry sector, and thus factors two sets of variables, i.e.,
      • Industry variables, i.e., assess the significance of where the incident of economic espionage occurred.

Note: Industry is derived from a combination of the percentage of GDP for each of the 14 industry sectors and the susceptibility/vulnerability of each sector. This process enables the CENTRA model to be individualized to a specific industry and recognizing potentially different consequences to the U.S. economy.

  • Case variables i.e., assess the significance of economic espionage incidents on the basis of…
    • characteristics of the theft (incident) itself.
    • costs directly attributable to the incident (loss) and
    • who the beneficiaries to the incident actually are.
  • Seldom are two incidents of economic espionage identical. To address this, Texas A&M researchers, developed a system for weighing the variables and questions further analysis that such ‘weights’ prompt.
  • So, the Texas A&M model requires practitioners to…
    • first, identify the industry sector in which the incident occurred, and
    • second, identify (individual, specific) ‘case – incident variables’.Ultimately, with all the variables measured, standardized, and weighted against each other, the CENTRA model calculates an overall severity score, which corresponds to individualized (company specific) consequence to incidents of cyber-economic espionage.

This post was inspired by a George Bush School of Government and Public Service, Texas A&M University research project titled   “Estimating the Economic Costs of Espionage”. The reports was prepared for CENTRA Technology by the the Capstone research team comprised of Rich Bell, J. Ethan Bennett, Jillian R. Boles, David M. Goodoien, Jeff W. Irving, Philip B. Kuhlman, and Amanda K. White.  

As always, reader comments are most welcome.