Michael D. Moberly August 18, 2009
Insider theft of IP and intangible assets will likely continue to rise and become even more irreversably devastating to (victim) companies. In large part the increase is attributable to two things:
1. the economic fact – business reality that higher percentages (65+%) of company value, sources of revenue, sustainability, and future growth now lie in – evolve from intangible assets such as intellectual property, proprietary know how, and other forms of intellectual capital that are readily available and vulnerable.
2. the category/class of insider thief which Carnegie Mellon’s CERT Program calls ‘the entitled independant’.
In their recently published report titled ‘Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model’ an entitled independant is described as an ambitious insider, acting alone, who steals information which they have contributed to its development. They do this in order to take it to a new job or to use in their own side business.
Of the ‘entitled independants’ CERT studied, nearly 75% were actually involved in the development of the (proprietary) information they ultimately stole and came to possess a ‘sense of entitlement’ which can manifest itself further in some instances as a ‘sense of ownership’. A correlation exists between the entitled independants’ perception of contribution and the likelilhood they will develop a sense of entitlement (ownership).
Many management teams and decision makers will undoubtedly find these findings interesting. But, to those who remain dismissive or hesitant to act on CERT’s findings and models, they’re encouraged to also review McAfee’s recent survey titled ‘Unsecured Economies: Protecting Vital Information’. Here, respondents agreed (not surprisingly) that if an employee, perhaps comparable to CERT’s ‘entitled independant’ is able to appropriate (steal) valuable information assets it will likely lead to the production of a comparable product or service (albeit it a counterfeit or involving infringement) and win space in the marketplace at a far lower cost.
Preferably though, as more management teams and business decision makers come to recognize just how relevant IP and intangible assets are to their company’s value, revenue, sustainability, and growth, their motivation to seek out and act on the findings of relevant reseach studies, like those produced by CERT and PERSEREC (Personnel Security Research Center) will elevate.
Be assured though, company management teams will want their awareness to be simultaneously joined by effective and precise strategies to mitigate, counter, and/or combat the findings that resonate (with them) most. Such strategies should commence with, (1.) purposeful dialogue among a company’s various (turf oriented) professional disciplines and business units, i.e., specialists in information asset protection, HR, IP, IT security, risk management, marketing, R&D, etc., and (2.) disciplined attitudes (among the various disciplines) to reach consensus on what actions are necessary to effectively address (mitigate, counter, prevent) the risks on an enterprise wide basis.