Intellectual Property Breaches a Common Business Plague

March 7, 2007
New survey on enterprise IT security paints troubling picture of corporate data and intellectual property protection

A new survey from Enterprise Strategy Group (ESG) paints a picture of corporate secrets walking out the door uninhibited.

The survey, which was sponsored by information protection firm Reconnex, surveyed a number of "enterprise-size" companies (with between 1,000 and 20,000 employees worldwide). It looked to set some benchmarks in terms of what has been happening with intellectual property (IP) losses and protection protocols.

The findings from the 112 respondents are potentially troubling to many CSOs. The survey indicated that some 32 percent of companies had experienced IP data losses sometime in the past 12 months…and another 11 percent weren't even sure whether a breach had occurred.

That leaves 57 percent who say their enterprise didn't have an intellectual property breach. And that kind of conjecture that nothing happened, says Eric Ogren, the security analyst for ESG, is surprising.

"Really, when you think of it, there are only 2 possible answers "Yes" and "I'm not sure", said Ogren. "[It's] hard to be confident about a "No". So I can say that the 11% are being honest. I suspect that those answering "No" are responding to a absence of alerts from security products or staff."

So, where do you place the blame for the IP breaches? Is this a case of corporate espionage -- spy vs. spy style with Cogswell Cogs trying to get the scoop on Spaceley's Sprockets? On the contrary, most of those survey recognized that it's the insider -– whether clumsy and forgetful or intentionally malicious -– who is driving these breaches. That was a sentiment shared by 58 percent of the respondents. And over one-third said it was solely the "negligent insider" who was making their lives difficult. But it's not that outsiders don't warrant a threat concern. Twenty percent of respondents said they were most concerned about hackers weakening their hold on intellectual property.

What makes the protection of intellectual property so hard is evidenced by the survey's data on where the intellectual property is residing. While much of the data (79 percent) lives in the form of company intranet pages and documents and databases created specifically for the company, there are plenty of other source-points for intellectual property. In fact, ESG's survey indicated that 21 percent of intellectual property is living in difficult-to-manage communication forms like email and instant messaging.

Unfortunately, it's a situation that's been on the rise for many years. In 2002, the Bureau of Justice said that it had seen a 22 percent increase in intellectual property cases between 1994 and 2002. In the five years since the Bureau of Justice statistics were tabulated, of course, even more intellectual property has moved to company business networks as employees, designers, engineers and product managers rely increasingly upon the almost-instantaneous collaboration that networked communications can provide.

On the bright side? About 90 percent of the companies involved in the survey said they would be deploying technologies within the next 12 months to help protect intellectual property. And something even brighter? More than two-thirds of the responding organizations said that at least once a quarter (in some case once per month), they sit down to review data protection policies.

Also on the bright side are resources to help you defend your organization. Look for these resources from the Department of Justice:

    "Prosecuting Intellectual Property Crimes" manual (revised edition, released in September 2006) Department of Justice "quick look" at news in the world in the intellectual property