Looming threats

The vulnerability of trade secrets stems from legal and illegal, internal and external, and intentional and unintentional threats. Before companies can develop a toolkit of protective measures, they need to identify the most prominent concerns and threats.

Despite the growing importance of trade secrets to corporate value, companies often fail to formally recognise proprietary information as a trade secret – an important first step towards protecting that information. 1
In the event of theft and other disclosure, companies must be able to prove that the stolen information is accurately defined as a trade secret in order to be legally protected. According to our survey, a fifth of respondents cite difficulty in defining trade secrets as one of the biggest obstacles to safeguarding proprietary information. Difficulty in providing sufficient proof of misappropriation is the second highest ranked obstacle to trade secret protection.

Clearly identifying what you would call your ‘crown jewels’ is an exercise in and of itself. Not all data and information has the same value and defining the company ‘crown jewels’ is well worthwhile.
Anil Cheriyan, Executive Vice President, Strategy and Technology at Cognizant

Top threats to trade secrets

What do you regard to be the most significant threats to the security of your organisation’s trade secrets? (% of responses)

Top threats by country

What do you regard to be the most significant threats to the security of your organisation’s trade secrets? (% of responses, by country)

Sector-level threats

What do you regard to be the most significant threats to the security of your organisation’s trade secrets? (% of responses, by sector)
The worlds of trade secret theft and corporate ‘bring your own device’ policies are connected–this is a bad idea that has become a corporate norm.
Professor Matt Marx, Bruce F. Failing Sr. Professor of Entrepreneurship at Cornell University

Globally, cybersecurity and employee leaks are cited as the leading threats to companies’ trade secrets. Third-party leaks are also a high priority for companies in the United States, Singapore and China, where a majority of respondents also believe that their organisations’ contractual protections are not sufficient to protect trade secrets. Cybersecurity concerns are top of mind for the energy and natural resources sector, the manufacturing sector, and the technology, media and telecommunications sector, while employee risks lead in the consumer goods and retail, finance and life sciences sectors.

Cybersecurity: The leading concern

Valuable company assets are particularly vulnerable to cybercriminals who are able to hack computers and bypass security systems. 2
https://gtr.ukri.org/projects?ref=EP%2FP005039%2F1#:~:text=Cyber%20criminals%20target%20valuable%20company,their%20value%20from%20their%20secrecy; https://www.sciencedirect.com/science/article/pii/S0167404819300616
Executives are becoming aware of the potential threat of cybercrime to their assets, with almost half of respondents identifying cybersecurity weaknesses as the top threat.

Case study 1: ThyssenKrupp

Threat: External cyberattack

What happened?: In 2016, ThyssenKrupp, a German industrial conglomerate, revealed that it fell victim to a “massive” organised cyberattack in which hackers stole technical trade secrets.

Lesson learned: The company’s senior leadership highlighted the importance of providing cybersecurity training, raising awareness about trade secrets and enhancing international co-operation to prevent such attacks in the future.

Ongoing digital transformation and the acceleration of remote working brought on by the pandemic have exacerbated cybersecurity challenges. As employers embrace flexible working models and employees work from home on personal devices and networks, it is increasingly difficult for companies to keep track of and secure the flow of data – including valuable proprietary information – across internal networks. 3
https://www.mckinsey.com/featured-insights/future-of-work/whats-next-for-remote-work-an-analysis-of-2000-tasks-800-jobs-and-nine-countries; https://www.gartner.com/en/newsroom/press-releases/2020-07-14-gartner-survey-reveals-82-percent-of-company-leaders-plan-to-allow-employees-towork-remotely-some-of-the-time; https://www.forbes.com/sites/waynerash/2020/06/17/your-vpn-may-be-your-greatest-security-risk-during-covid-19/?sh=4bcc5d9231a6; https://www2.deloitte.com/ng/en/pages/risk/articles/covid-19-impact-cybersecurity.html
“The worlds of trade secret theft and corporate ‘bring your own device’ policies are connected,” says Professor Matt Marx, professor of entrepreneurship at Cornell University. “This is a bad idea that has become a corporate norm.” As companies increasingly bring external stakeholders into their digital ecosystems and use multiple cloud-based services, the risk of third-party breach also rises.

The biggest threats are often when employees leave, typically combined with a move to a competitor. Organisations need to create an environment in which their secrets are protected, by auditing and updating onboarding and offboarding processes, and by managing working practices and culture, especially remote working. Simple actions like deactivating access to cloud accounts are often overlooked, but can be critical.
Hannah Netherton, Partner, Employment Team, CMS

Employee leaks: An insider threat

Companies also need to take stock of their employees’ role in exposing trade secrets. Just under half of the executives surveyed in this research regard employees as a critical source of leaks, whether intentional or not. In recent years the number of trade secret misappropriation cases linked to employment litigation has risen, 4 and in the United Kingdom one such case reached the Supreme Court (see Case study 2a).

Case study 2a: MVF

Threat: Misappropriation by ex-employees

What happened?: In 2016, after years of dispute, the Supreme Court found that former employees of public health goods company MVF had misused confidential information about the company’s insecticidal mosquito nets to produce a competing product under the name of Bestnet Europe Ltd.

Result: The case resulted in MVF being awarded damages for breach of confidentiality. 5

Case study 2b: Google

Threat: Misappropriation by ex-employees

What happened?: One of the most notable cases of employee theft involved a former Google engineer, Anthony Levandowski, who unlawfully downloaded 14,000 files on self-driving cars from Google, only to use them in his next role at Uber. 6

Result: Mr Levandowski was found guilty of trade secret theft and sentenced to 18 months in prison – an outcome that has been lauded as progress for trade secret legislation in the technology sector. 7
https://www.forbes.com/sites/elanagross/2020/08/04/anthony-levandowski-sentenced-to-18-months-in-prison-for-stealing-trade-secrets-fromgoogle/?sh=7464af3f2d01

Lesson learned: Both of these cases highlight the importance of maintaining a culture of confidentiality among employees, especially those leaving the company.

As firms digitise, it has become easier for employees to accidentally or purposely access and expose confidential information, with or without external pressures. The normalisation of remote working will only increase this risk. Accidental exposure of employees’ family members or housemates to confidential information, the use of unsupervised devices and overheard conversations can all result in confidential information leaks. 8
https://www2.deloitte.com/ng/en/pages/risk/articles/covid-19-impact-cybersecurity.html; https://www.weforum.org/agenda/2020/06/coronaviruscovid19-remote-working-office-employees-employers

The pandemic has also opened doors to a broader range of intentional employee threats 9 as layoffs, furloughs and redundancies increase the incidence of disgruntled employees. (For example, 55% of furloughed employees feel neglected by their employer.) 10 Laid-off and even furloughed employees are becoming more eager to spill secrets to competitors. 11
https://blog.lighthouseglobal.com/prevent-ip-theft-during-a-covid-rif-dont-let-your-trade-secrets-depart-with-employees; https://news.un.org/en/story/2021/01/1082852