Michael D. Moberly January 19, 2012
Throughout my 25+ years of experience in the intellectual property – intangible asset side of business I recall only a handful of instances in which a company had assigned (presumably calculated) a specific dollar value, beyond a subjective estimate, to stolen, infringed, or misappropriated trade secrets (proprietary information).
On the other hand, I have been part of conversations, too numerous to mention, when a company representative would offer guesstimates about the value of ‘missing’ information assets.
There are various reasons why companies do not provide more detail about a loss or compromises of a trade secret or information deemed proprietary. One reason is, there is no standard methodology to objectively calculate (assign) a more precise, defensible, and preferably unchallengeable dollar value to a loss or compromise.
Not in-frequently, I have found that when a company experiences a particularly significant information asset loss or compromise, their initial reaction is to hurriedly resurrect a laundry list of resources used to produce that asset (from its inception to its execution) along with estimates of the associated cost of those resources. In such instances, simple arithmetic would be applied to tally the costs as representing the value of the missing asset.
Such approaches provide little if any insight to the underlying and contributory (enterprise-wide) value of a compromised information asset. In other words, if the secret/proprietary information was embedded in, for example, multiple processes or procedures that permitted a company to achieve (current, future) competitive advantages or an enhanced market position, it’s unlikely such simple calculations would reveal that additional, but very real, value.
A second reason companies may be reluctant to provide more precise (dollar value) information about stolen and/or compromised trade secrets and proprietary information is that by doing so, it may become problematic from a public relations, stakeholder, and legal perspective. And, if litigation (civil, criminal action) is being considered a more thorough analysis may…
- undermine consumer – shareholder confidence.
- encourage (leaving the door open to) unflattering challenges about the validity of the methodology the company used to reach a dollar value.
- prompt (legitimate) questions about the company’s overall information asset protection capabilities and practices, on a fiduciary (responsibility) level.
Relevant to all of this is a Forester Research study (March, 2010) commissioned by Microsoft and RSA, titled ‘The Value of Corporate Secrets: How Compliance and Collaboration Affect Enterprise Perceptions of Risk’.
Having read and studied numerous similar studies, this particular study stands out in my view because the principle investigators incorporated the following into their analysis of the findings, i.e., the,
- value of sensitive information contained in corporate portfolios, as a whole.
- variety of security controls used to protect/safeguard that information.
- drivers of information security programs, i.e., what influences companies (internally, externally) to impose security controls on its information assets.
- cost and impact of enterprise data security incidents, apart from corporate (trade) secrets and sensitive, proprietary information.
The key findings of this Forrester Research study are…
1. Secrets comprise two-thirds of the value of most company information portfolios
2. Compliance, not security, is the primary driver of (information) security budgets
3. Companies focus a great deal of time/resources on preventing accidents, but theft (of trade secrets) is actually more costly.
4. The more valuable a company’s trade secrets/proprietary information is, the more ‘incidents’ a company will likely experience.
5. Chief Information Security Officers (CISO’s) typically do not know how effective, or perhaps conversely, how ineffective, their company’s information security controls really are.
Ultimately, it’s important to recognize that…
- trade secrets and proprietary information are intangible assets, and
- 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability lie in – directly evolve from intangible assets.