They results are not good. The study of 600 European companies with between between 250 and 2500 employees found that less than half (41 per cent) have specific plans to protect their intellectual property and corporate secrets. More than half (54 per cent) consider that protecting customer, employee, business and financial information is more important than protecting their own trade secrets.
This could be driven by the success of ‘compliance’, where the protection of customer and employee data is strictly regulated by law. There are no similar laws on IP. “Companies quite rightly pay attention to preventing the inadvertent disclosure of sensitive customer or employee information,” said Christian Toon, head of information risk at Iron Mountain Europe. “It is concerning, however, that so few companies implement an integrated approach to information management across the business.”
The reality is that the global IP market is now worth an estimated $180 billion a year (according to the World Intellectual Property Organization); while Forrester research suggests that a company’s proprietary information and trade secrets represent two thirds of its value. “Just imagine what could happen if valuable company secrets such as patents, product designs, or go-to-market strategies fell into the hands of a rival,” said Toon.
Surprisingly, in the specific business sectors analyzed, the IP-intensive pharmaceutical industry performed worst, with only 30 per cent including intellectual property and corporate secrets in their information risk management plans. Financial services, perhaps spending their security energy on protecting their customers’ data, fared little better (35 per cent) in protecting their own business secrets. Best, but still with only 57 per cent, was the insurance industry.
Loss of IP is often linked to the insider threat. Here again the study found poor security attitudes: one in four (26 per cent) mid-sized European companies do not run background checks on new employees, potentially leaving business secrets exposed to further risk. “In all sectors and countries, communication and measures to minimise the people risks are the areas requiring most attention,” concludes the report.