Companies Expect Intellectual Property Theft to Rise, with Insiders Posing the Biggest Threat

It’s relatively easy to value a company’s tangible assets, such as their buildings and equipment. But studies suggest their intellectual property—which can include everything from trade secrets and R&D to drawings and training manuals—is worth a lot more.

The implied value of intangible assets of companies in the S&P 500 grew to an average of 84% of their total asset value by the end of 2014, according to merchant bank Ocean Tomo.

Many business leaders, however, aren’t well prepared for an attack, even as they become more vulnerable.

The number of cyber theft incidents involving intellectual property, or IP, is expected to increase over the next 12 months, according to 58% of the 2,500 respondents to a recent Deloitte poll.

Employees or “other insiders” were found to constitute the biggest threat, yet only 17% of respondents said access to their IP is very limited, on a need-to-know basis only.

And while 12% said their organization had suffered an IP theft incident over the past 12 months, around a third said they didn’t even know if they had been attacked.

“While many of us know—or have experienced firsthand—how a cyber attack can severely disrupt business, loss of an asset as critical as IP can be crippling for most organizations,” said Don Fancher, a principal at Deloitte Financial Advisory Services.

The concern is highest in the power and utilities industry, where 69% of respondents think an IP cyber attack will occur in the next year, and also high in the automotive industry, where 64% think attacks will rise.

After company insiders, who are expected to account for around a fifth of attacks, the next biggest threats are suspected to come from competitors (16%), activist groups (12%), third parties with which companies regularly engage (12%) and nation states (10%).

Mitigating the risks need not just be about investing in better technology. It starts with identifying the most valuable IP assets then validating partners and suppliers to make sure they comply with a cyber risk program.

A robust insider threat mitigation program establishes appropriate controls and training, while drawing on a combination of data and technology to protect vital information, Deloitte said.