What’s the Real Cost of IP Theft?
Trade secrets stolen from electric vehicle manufacturers. Data removed from a luxury yacht maker via USB flash drive. Insider information taken by former employees from one metal fabrication company to another.
These are just three recent examples of IP theft. A broad category, intellectual property theft can include the physical theft of items like blueprints, patent documents, and biological specimens, or it can entail the digital copying of logos, client lists, and critical data. IP theft may range from unauthorized use to outright theft of proprietary information protected under intellectual property laws.
Regardless of how it’s carried out, IP theft has a significant impact on both individual businesses and the broader economy. According to the US Department of Commerce, 27% of jobs in the US — more than 40 million jobs — come from IP-intensive industries. That translates to over 38% of the US GDP, or $6 trillion.
Digging into the real cost of IP theft
In the past, we’ve written about IP theft as a consequence of data breaches in various sectors. It can jeopardize an organization’s competitive advantage, cause significant financial losses, and lead to legal battles. But it also receives much less focus than breaches of personal identifiable information (PII).
Deloitte’s report on the hidden costs of an IP breach elaborates: “[C]ompared with PII breaches, IP theft has ramifications that are harder to grasp: fewer up-front, direct costs but potential impacts that might metastasize over months and years. Theft of PII might quickly cost customers, credit ratings, and brand reputation; losing IP could mean forfeiture of first-to-market advantage, loss of profitability, or — in the worst case — losing entire lines of business to competitors or counterfeiters.”
The problem is compounded by the fact that increasing global interconnectivity has made it much easier to steal IP and much more difficult to identify the perpetrators. Today, we’ll explore the true cost of IP theft, and we’ll discuss how data privacy and security can offer a solution.
The financial impact of IP theft can be immense. Intellectual property can constitute more than 80% of a single company’s value, and its loss can trigger a cascade of fiscal consequences. The Commission on the Theft of American Intellectual Property estimates that annual costs from IP loss — which can include trade secret theft, the sale of counterfeit goods, and software piracy — range from $225 billion to $600 billion, or about 1% to 5% of the US GDP.
There are all too many real-world examples of IP theft causing significant financial losses for companies. Take, for instance, the case of American Superconductor, a Massachusetts-based infrastructure provider whose largest customer illegally obtained source code IP and then installed the pirated version in their wind turbines. The violation of American Superconductor’s IP rights and the loss of revenue contractually owed to them by the customer, Sinovel, reduced its revenue by $100 million per year.
According to the Deloitte report, 85% of IP theft’s financial impact on a company can be attributed to operational disruptions and lost contract revenue. But there may be dozens of other incidental costs, including technical investigations, customer breach notifications, regulatory fines, PR, and more.
With IP theft, it’s difficult to put the genie back in the bottle. Stolen data can’t be redacted after the fact, and an organization’s only recourse is often legal action — which can be slow, costly, and especially challenging in international cases.
Legal action in IP theft incidents may include filing lawsuits against the infringing party, demanding cease and desist orders, and requesting injunctions to halt further unauthorized use. The legal process, which includes attorney fees, court expenses, and administrative costs, can quickly escalate, straining both time and financial resources.
Intellectual property cases are one of the most costly kinds of law practiced in the United States. The cost of a patent infringement case with $10 million to $25 million at stake may range from $2 million to $9 million, and even intellectual property mediation costs an average of $100,000 per case.
It’s important to note that weak data security measures may significantly impact the outcome of legal action in IP theft cases. Some courts may calculate a company’s Net Present Value of Future Sales at zero if that company failed to take proper administrative, physical, and technological actions to safeguard their own intellectual property. In the absence of proper IP stewardship, judges have ruled, organizations risk forfeiting their trade secrets entirely.
IP theft can inflict severe reputational damage on companies, tarnishing their image and eroding trust. As consumers and B2B customers increasingly prioritize data security in their purchasing decisions, IP theft can signal negligence in safeguarding sensitive information. This can lead stakeholders to question a company’s commitment to data protection, making consumers and business partners wary of doing business.
The reputational damage from intellectual property incidents can do lasting harm to an organization’s standing, as news stories about data breaches and IP theft can quickly go viral. Additionally, the original makers of a product may suffer criticisms about product quality in cases where IP theft leads to the production of counterfeit goods.
Increasingly, we can calculate the dollar amount of reputational damage. One study showed that there is an 18% difference in revenue between three-star-rated businesses and five-star ones. Meanwhile, a Ponemon Institute global survey of data breaches sets the average cost of reputational damage at a staggering $1.57 million per incident. In a world increasingly prone to data leaks and breaches, an organization’s reputation really does matter.
Although less quantifiable than the other costs of IP theft, problems within an organization can cause ongoing damage. Low morale, suspicion, and fear of layoffs can all become pervasive after an IP theft incident. Indeed, the Deloitte report notes that it can take years for a company to recover from depressed revenue growth and lost productivity.
IP theft can also necessitate shifting priorities within an organization. New R&D, cybersecurity, and remediation efforts can quickly drain resources and distract from core business objectives.
All in all, IP theft isn't merely a direct loss of assets; it triggers a cascade of legal consequences, reputational damage, and organizational problems that may take years to fully resolve.
The solution? Advanced data privacy and security
Tackling the challenge of IP theft requires a multifaceted approach from companies, governments, and data security experts. At the organizational level, there are a number of ways to begin protecting IP:
- Making inventories of critical data and carefully tracking each asset.
- Carefully vetting employees and vendors.
- Employing the principle of least privilege.
- Using data loss prevention or data loss protection software.
- Purchasing an IP insurance policy, which is becoming increasingly popular.
- Conducting company-wide data privacy training, including cybersecurity exercises.
- Strengthening overall cybersecurity practices and technologies.
One of the best ways to mitigate the impact of IP theft is to secure critical data from access by third parties. The ShardSecure platform offers a way to achieve separation of duties, offering advanced data privacy, security, and resilience with its innovative approach to file-level encryption.