The majority (58 per cent) of respondents in a poll by Deloitte said they expect the number of intellectual property (IP) cyber thefts to increase over the next year. One in five said that employee/insider attacks were the greatest threat.

IP can be worth more than 80 per cent of a company’s value, according to Deloitte. However, just 16.7 per cent of the survey's respondents said access to IP is very limited, on a need-to-know basis only. And more than two-thirds (44.1 per cent) said that “assessing the impact of IP loss and managing relationships” would be the biggest challenge they face.

Deloitte's Don Fancher said: “Managing risks to trade secrets, drawings, plans, or proprietary know-how that drive your organisation’s revenue and competitive advantage often includes quantifying how loss of that IP would impact the business, preparing to identify and pursue adversaries, and building a defensible chain of data custody to counter future IP cyber theft threats.”

How would you cope with IP theft?

The following questions and suggestions help assess the potential impact and protect against intellectual property loss:

1. Identify assets that need to be protected, such as facilities, source code, IP, R&D and customer information.
2. Define potential insider threats. Deloitte's report goes into detail on how to do this,
3. Define the organization’s risk appetite: how well would the company cope with loss or damage in those areas?
4. Establish an insider-threat mitigation programme that involves a broad range of stakeholders, including leadership support.
5. Include people-centric aspects to any risk management programme, such as segregation of duties for critical functions, technical and non-technical controls and security training programmes.
6. Do all staff, partners or suppliers involved with IP collaborate with the cyber risk programme?
7. Does exposing IP in the public domain make the organisation more subject to attack?
8. How would you manage brand impact and market position in the event of IP theft?

The poll involved more than 2,500 respondents from corporate, banking, technology, insurance and investment organisations.

---

CTMfile take: It's important to consider intellectual property when we talk about risk management. Treasurers might find Deloitte's report useful when considering how to approach insider threats.