Today, a company’s most valuable assets are more likely to be stored in the cloud than a warehouse
Cyber criminals of course figured this out long ago. According to estimates by Cybersecurity Ventures, cyber-crime will cost the global economy more than US$6-trillion in 2021, up from $3 trillion in 2015.
One of the greatest sources of cyber risk comes from cyber-espionage attacks. These attacks are primarily focused on stealing a company’s intangible assets (such as confidential information, data, trade secrets, product designs, financial information, and other proprietary intangible assets) that are often crucial to a company’s competitive edge. When successful (and these attacks often are), it is highly profitable as the thief becomes the beneficiary of zero cost R&D, hard-won strategic insights, or critical strategic intelligence.
However, while these threats are real and significant, it is possible to take steps to mitigate risk around cyber espionage – but the steps required, while simple, go beyond approving a network security system or cyber insurance policy.
As a director, the first thing to realise before you approve the spending of millions of dollars on cyber or network security systems (ie before you buy an extremely expensive alarm) is that you need to better understand WHAT you are trying to protect.
It is very difficult practically to protect all your intangible assets. A better approach is to ensure your management team is proportionally weighting its efforts towards those assets that are business critical and then work to intensively protect these rather than necessarily trying to build the Great Wall of China around the entire business.
To mitigate risk from a governance perspective includes ensuring your management teams have worked through the following steps and are able to provide answers to the following questions:
Once the company has identified which assets are most important to it and the value of these assets, it can take steps to reduce risk by ensuring that attention and resources are focused on protecting the most valuable assets.
According to the research by Kilpatrick et al, only 14 percent of those companies surveyed restricted access to their knowledge assets, with 61 percent of respondents also stating that third parties have access to their company’s knowledge assets.
With the majority of data breaches resulting from the carelessness of employees or third parties with access to information, companies must institute policies and processes to proactively identify, protect and monitor access to key trade secrets, know-how and critical confidential information.
A core part of any program should be focused on educating employees on the importance and value of intangible assets as core assets of the company, laying out the steps that employees can take to minimize the risk of assets leaking or being targeted by parties outside the organisation.
From a governance perspective, directors have a fiduciary responsibility to protect all the company’s assets. While these steps are relatively simple, they are also invaluable when paired with an effective cyber security system. However, the critical element in any risk mitigation strategy (traditional or cyber) is to first understand what you are trying to protect and why.
If this step in the process is missed, it is likely that you will have the wrong measures in place to protect your assets or you will the right measures protecting the wrong assets. Either way it’s like issuing an open invitation for cyber-criminals, spies, or competitors to come and take what they want.
Author: Paul Adams
EverEdge is a global advisory and transaction firm specialising in intangible assets. EverEdge helps companies and capital providers convert intangible assets into business impact including increased margins, market share and enterprise value.