IoD Rules Review

Reminder for IoD members: Have your say on the proposal to change the IoD Rules. Log in for more information.

Hidden value, hidden risk

Your most valuable assets may not be the ones on your balance sheet. 

By Paul Adams, EverEdge
31 Jul 2020
read time
3 min to read
Today, a company’s most valuable assets are more likely to be stored in the cloud than a warehouse
- Inga Beale, former CEO of Lloyds

Cyber criminals of course figured this out long ago. According to estimates by Cybersecurity Ventures, cyber-crime will cost the global economy more than US$6-trillion in 2021, up from $3 trillion in 2015. 

Paul Adams, CEO EverEdge, provides an overview of intangible assets, why they are so important to businesses and why they need to be protected.

Cyber criminals aren’t coming to steal your building…

One of the greatest sources of cyber risk comes from cyber-espionage attacks. These attacks are primarily focused on stealing a company’s intangible assets (such as confidential information, data, trade secrets, product designs, financial information, and other proprietary intangible assets) that are often crucial to a company’s competitive edge. When successful (and these attacks often are), it is highly profitable as the thief becomes the beneficiary of zero cost R&D, hard-won strategic insights, or critical strategic intelligence. 

However, while these threats are real and significant, it is possible to take steps to mitigate risk around cyber espionage – but the steps required, while simple, go beyond approving a network security system or cyber insurance policy.

It’s not only about how good your alarm is

As a director, the first thing to realise before you approve the spending of millions of dollars on cyber or network security systems (ie before you buy an extremely expensive alarm) is that you need to better understand WHAT you are trying to protect.

It is very difficult practically to protect all your intangible assets. A better approach is to ensure your management team is proportionally weighting its efforts towards those assets that are business critical and then work to intensively protect these rather than necessarily trying to build the Great Wall of China around the entire business.

To mitigate risk from a governance perspective includes ensuring your management teams have worked through the following steps and are able to provide answers to the following questions:

1. Identify and value your intangible assets
  • What intangible assets does the company own?
  • What is the value of each of these assets? (Both to our company and in the hands of someone else)

Once the company has identified which assets are most important to it and the value of these assets, it can take steps to reduce risk by ensuring that attention and resources are focused on protecting the most valuable assets.

2. Audit your assets
  • How and where are the company’s critical intangible assets stored?
  • Who has access to these assets? (both internally and through third-party suppliers)
  • Who genuinely needs access to these assets?
  • Can the company assert ownership and chain of title on its intangible assets to help provide legal recourse if these assets are compromised?

According to the research by Kilpatrick et al, only 14 percent of those companies surveyed restricted access to their knowledge assets, with 61 percent of respondents also stating that third parties have access to their company’s knowledge assets. 

With the majority of data breaches resulting from the carelessness of employees or third parties with access to information, companies must institute policies and processes to proactively identify, protect and monitor access to key trade secrets, know-how and critical confidential information. 

3. Policies, processes & education programmes
  • Are risk mitigation policies and processes in place to protect the company’s most valuable assets?
  • Are efforts focused on protecting the company’s most valuable assets?
  • Is there widespread understanding and adherence to the company’s policies and processes around cyber?

A core part of any program should be focused on educating employees on the importance and value of intangible assets as core assets of the company, laying out the steps that employees can take to minimize the risk of assets leaking or being targeted by parties outside the organisation.

From a governance perspective, directors have a fiduciary responsibility to protect all the company’s assets. While these steps are relatively simple, they are also invaluable when paired with an effective cyber security system. However, the critical element in any risk mitigation strategy (traditional or cyber) is to first understand what you are trying to protect and why. 

If this step in the process is missed, it is likely that you will have the wrong measures in place to protect your assets or you will the right measures protecting the wrong assets. Either way it’s like issuing an open invitation for cyber-criminals, spies, or competitors to come and take what they want.


Author: Paul Adams
CEO EverEdge
EverEdge is a global advisory and transaction firm specialising in intangible assets. EverEdge helps companies and capital providers convert intangible assets into business impact including increased margins, market share and enterprise value.

Related content