Three in four senior corporate executives believe increasing financial investment is necessary to protect intangible trade secrets, according to new analysis commissioned by global law firm CMS and conducted by The Economist Intelligence Unit…

A new report released today commissioned by global law firm CMS and conducted by The Economist Intelligence Unit reveals that trade secret protection is rapidly rising up the corporate agenda as firms widely recognise the commercial imperative to protect vulnerable assets in light of more business conducted online and across borders. 

With more companies relying on an ever-greater proportion of intangible or ‘secretive’ assets, the findings show a marked shift in how executives are planning to tackle employee leaks, supply chain vulnerability, corporate espionage and cyber-attacks. According to a global survey of 314 senior executives across a range of industries, the three most valuable types of proprietary information held by organisations are customer databases (42%), product technology (40%), and R&D information (23%).

The report, ‘Open secrets? Guarding value in the intangible economy’, reveals that trade secret protection is no longer just a concern for the legal department, but a top priority at the board and C-suite level. The majority (75%) of respondents agree that increasing financial investment was necessary to protect their trade secrets. Measures must be taken to raise awareness of these assets more widely among employees, with 28% of respondents viewing a lack of in-house experience with trade secrets as a safeguarding challenge.

The most significant threats to the security of trade secrets are weaknesses in cybersecurity (49%) and employee leaks (48%). As firms increasingly store and share sensitive information across virtual and distributed workforces, companies face a range of unpredictable insider threats, including intentional leaks from disgruntled employees. This is the biggest concern for the UK, whilst the fear of cybercrime is front-of-mind for business leaders in France, China and the US, worsened by poor internal cybersecurity expertise.

Tom Scourfield, Co-Head of IP Group at CMS said: “Fifty years ago, a company’s value was derived solely from its physical capital. Today, the world’s most successful firms are built on intangible assets that are often secretive by nature – algorithms, customer data, product formulae. This report shows that firms must start taking a more holistic approach to protecting these intangible assets, from computer software to company values balancing restrictions with incentives – and importantly engage every level of their workforce. Without this strategy, protecting trade secrets will remain an uphill battle for many.”

Significantly, four out of five of the top measures that companies are planning to implement over the next two years focus on minimising employee leaks. These range from harsher measures such as closer surveillance of employee’s electronic activity through to more collaborative approaches that centre on improving the company culture and introducing innovative staff incentives.

“Willingness to snoop” is highest in China, Singapore and the United States. It is also a top preferred measure for executives in Technology, Media and Telecommunications, with 36% of respondents planning to implement surveillance over the next two years, reflecting the growing tensions between employers and employees in the technology sector. Efforts to improve work culture are clearly felt more widely in other industries, with almost a third (31%) calling for corporate values to shift towards encouraging trade secret protection.

As companies become increasingly wary of cybercrime and ransomware attacks, the majority (82%) agree that leveraging cybersecurity software is key to protecting their organisation in the long-term. However, only half (53%) believe it is the most effective deterrent or have already restricted digital and physical access to confidential information (55%). 

Hannah Netherton, Employment Partner at CMS adds: “It’s overwhelmingly clear that the threat of employee leaks is driving a need for new strategies to guard valuable assets. Companies must find the right balance between perfecting their cybersecurity protections and creating a healthy company culture that incentivises trade secret protection and encourages speaking up through appropriate channels – even the most rigorous of protocols won’t prevent every employee leak or a disgruntled whistleblower. 

“The pandemic has opened doors to a digital workspace, where it’s easier for employees to accidentally or purposefully access and expose confidential information. It is impossible to protect trade secrets if employees are not aware of the sensitivities around these assets, so putting the right values and measures in place has never been more important to an organisation’s success.”

Aukje Haan, Co-Head of Commercial at CMS added: “With the introduction of the Directive on Trade Secrets, businesses will get a range of options to safeguard their most prized proprietary information. However, there are prerequisites to be able to invoke those options. Identifying and taking reasonable steps will be crucial, from NDAs, cybersecurity efforts through to employee regulation, as well as specific requirements depending on the nature of the business, e.g., online businesses will need to take more cybersecurity measures whereas manufacturing companies will need to take more physical measures on the factory floor.“

With industrial organisations ramping connectivity to accelerate digital transformation and remote work, threat actors are weaponising the software supply chain and ransomware attacks are growing in number, sophistication and persistence.

A new report from Nozomi Networks Labs finds cyber threats to industrial and critical infrastructure have reached new heights as threat actors double down on high value targets. With industrial organisations ramping connectivity to accelerate digital transformation and remote work, threat actors are weaponising the software supply chain and ransomware attacks are growing in number, sophistication and persistence. 

“This report leaves no doubt that the time for action is now,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “The recent Oldsmar, Florida, water system attack and the ongoing SolarWinds investigation are dramatic reminders that the critical infrastructure and other systems that we rely on are vulnerable and at constant risk of attack. Understanding the effectiveness of defenses against the emerging threat and vulnerability landscape is vital to success.” 

Nozomi Networks’ latest “OT/IoT Security Report,” gives cybersecurity professionals an overview of the OT and IoT threats analysed by Nozomi Networks Labs security research team. The report found: 

  • Ransomware activity continues to dominate the threat landscape, growing in sophistication and persistence. In addition to demanding financial payments, Ryuk, Netwalker, Egregor and other ransomware gangs are exfiltrating data and deeply compromising networks for future nefarious activities. 
  • Supply chain threats and vulnerabilities show no signs of slowing. The unprecedented SolarWinds attack not only infected thousands of organisations including U.S. Government agencies and critical infrastructure, but it also demonstrates the massive potential for attack via supply chain weaknesses. 
  • Threat actors are targeting healthcare. Nation states are using off-the-shelf red team tools to execute attacks and perform cyber espionage against facilities involved with COVID-19 research. Ransomware crews are targeting healthcare providers and hospitals, in some cases disrupting patient treatment. 
  • Analysis of 151 ICS- CERTs published in the last six months found memory corruption errors are the dominant vulnerability type for industrial devices.

“Urgency has never been higher. As industrial organisations race toward digital transformation, threat actors are taking advantage of greater OT connectivity to create attacks that aim to disrupt operations and threaten the safety, profitability and reputation of enterprises around the globe,” said Nozomi Networks CEO Edgard Capdevielle. “While threats may be on the rise, the technologies and practices to defeat them are available today. We encourage organisation to act quickly to implement the recommendations in this report.  It’s never been more important or more possible to take the necessary steps to detect and defend critical infrastructure and industrial operations.”

Nozomi Networks’ “OT/IoT Security Report” summarises the biggest threats and risks to OT and IoT environments. The report provides information on 18 specific threats that IT and OT security teams should study as they model threat vectors and evaluate risks across operational technology systems. It includes 10 key recommendations and actionable insights to improve defenses against the current threat landscape.