Michael D. Moberly April 26, 2010
Throughout my 25+ years of experience in the intellectual property – intangible asset arena, much of which remains focused on the protection side, seldom do I recall specific dollar values of stolen, infringed, or misappropriated corporate (trade) secrets and proprietary information being the subject of conversation. However, I have been part of countless conversations when wide-ranging and subjective ‘guesstimates’ would be offered about the value of missing information assets.
There were, and remain, various reasons why companies do not provide more detail about losses and/or compromises of corporate (trade) secrets. One is, there is no objective methodology or formula in which to calculate/assign a precise, defensible, and un-challengable dollar value to losses of company (trade) secrets.
Not in-frequently, I would find that when companies experienced a particularly significant loss or compromise of a trade secret, they would hurredly resurect a laundry list of resources used to produce that asset (from its inception to its execution) along with estimates of the associated cost of those resources. The results would then be tallied to represent the value of the now missing asset.
This approach would not account for or reveal however, the underlying and contributory (enterprise-wide) value of a compromised information asset. In other words, if the secret/proprietary information was embedded in, for example, multiple processes or procedures that permitted a company to achieve (current, future) competitive advantages or an enhanced market position, it was unlikely those initial calculations revealed that additional, but very real, value.
A second reason companies were, and generally remain reluctant to provide more precise information about a dollar value of lost and/or compromised (trade) secrets is that it may become problematic from a public relations, shareholder, or legal strategy perspective, particularly if litigation is pursued, by:
1. Undermining consumer – shareholder confidence.
2. Encouraging (leaving the door open to) unflattering challenges about the validity and replicability of how the value of the missing information asset was reached.
3. Prompting (legitimate) questions about the company’s overall information asset protection capabilities and practices, on a fiduciary responsibility level.
Relevant to all of this is a recently published (March, 2010) Forester Research study commissioned by Microsoft and RSA, titled ‘The Value of Corporate Secrets: How Compliance and Collaboration Affect Enterprise Perceptions of Risk’.
Having read and studied numerous similar surveys and studies, this particular Forrester Research product is distinguishable because the principle investigators, in conducting the research, sought to incorporate their understanding of the following into the findings, i.e., the,
1. Value of sensitive information contained in corporate portfolios, as a whole.
2. Variety of security controls used to protect that information.
3. Drivers of information security programs, i.e., what influences companies (internally, externally) to impose security controls on its information assets.
4. Cost and impact of enterprise data security incidents, apart from corporate (trade) secrets and sensitive, proprietary information.
The key findings of Forrester Research’ ‘The Value of Corporate Secrets: How Compliance and Collaboration Affect Enterprise Perceptions of Risk’ study were:
1. Secrets comprise two-thirds of the value of most companies information portfolio.
2. Compliance, not security, is the primary driver of (information) security budgets.
3. Companies focus a great deal of time/resources on preventing accidents, but theft (of trade secrets) is actually more costly.
4. The more valuable a company’s trade secrets/proprietary information is, the more ‘incidents’ it will likely experience.
5. Chief Information Security Officers (CISO’s) typically do not know how effective, or perhaps conversely, how ineffective, their company’s information security controls really are.
And, let’s not overlook the fact that corporate trade secrets and proprietary information constitute intangible assets, and the economic fact that 65+% of most company’s value, sources of revenue, and foundations for future wealth creation and sustainability lie in – are directly related to intangible assets.
I welcome your comments and perspectives.