Economic espionage can be a costly ordeal.
For instance, a Texas jury recently awarded Rockville, Maryland-based ZeniMax Media $500 million following a lawsuit claiming the theft of intellectual property related to virtual reality (VR) by Oculus.
ZeniMax, which is a video game maker, said in a court filing after the verdict, “the jury rightly found that the breakthrough in VR was accomplished by ZeniMax months before there was any contact with these defendants, and that ZeniMax’s singular technology — source code, VR test beds, software demonstrations, and other technical assistance — was only shared with defendants after a formal non-disclosure agreement was entered into between the parties. That agreement made undeniably clear that, among other things, all the VR technology being provided to Defendants was owned by ZeniMax — and ZeniMax alone.”
Oculus provides a different view. “From the beginning, we maintained that ZeniMax’s claims in this matter were without merit,” an Oculus spokesperson told SmartCEO. “The heart of the case was about whether Oculus stole ZeniMax’s trade secrets and the jury found decisively in our favor on this issue. Oculus products are built with Oculus technology. Oculus and its founders have invested a wealth of time and money in virtual reality development because we believe it’s going to create entirely new ways for people to communicate. We will continue to move through the legal process and, independent of this case, our commitment to VR remains strong.”
The $500 million award is not uncommon. Overall, theft of American intellectual property costs each year between $225 billion and $600 billion – related to counterfeit goods, pirated software and the theft of trade secrets, according to the Commission on the Theft of Intellectual Property.
With Washington and Maryland home to government offices and other organizations, which hold valuable secrets that many would like to capture, it’s always on the radar of CEOs who sometimes fear they could be the next victim.
And it’s not just federal offices that store secrets on finances, technology and formulas — but law firms, consultants and labs are storehouses of confidential information. Businesses are clearly at risk, too. Maryland, for instance, is home to numerous defense contractors, with the FBI in 2015 estimating the number at 1,800.
Brian Fleming, an attorney at Miller & Chevalier in Washington, DC, said insiders “have always been, and always will be, a threat. All it takes is one employee with bad intent and a company can be thrown into chaos.”
On the other hand, industry competitors, both domestically and internationally, are another “traditional threat that has not gone away,” Fleming warned.
“There are [also] threats in the cyber realm originating from nation states and hackers for hire,” he added. “The global supply chain also presents heightened risks from contractors, subcontractors and vendors, that may be unfamiliar, unvetted or operating in a foreign country.” Businesses need to be cautious when giving “such entities” access to “business information or networks” – as it “creates vulnerabilities that can be exploited,” Fleming said.
Steven Hollman, an attorney at the Washington, DC office of Sheppard Mullin Richter & Hampton, noted that highly competitive industries with “rapid technological advances” have a more pronounced risk of espionage or theft of valuable information. In recent years, the internet has had a “major impact” on economic espionage, too.
“Thirty or 40 years ago, companies could rely primarily on physical security to protect their most valuable proprietary information or trade secrets,” Fleming said. “Now, cybersecurity and the protection of information technology systems are often the top priorities for companies when it comes to preventing economic espionage. Because almost all business information has been taken online, the risks are staggering. Moreover, anyone with an internet connection anywhere around the world could be a threat.”
Several ways exist to mitigate risk for economic espionage.
“To stay ahead of the economic espionage threat, companies need to take stock of their assets—tangible and intangible—and put together a risk-based plan to protect them,” Fleming said. “Focus and resources should be devoted to protecting the most sensitive and valuable intellectual property, as the threats are most likely to be concentrated on those areas. Taking such a proactive approach allows a company to not only mitigate its risks, but also to think through an appropriate response plan in the event a problem arises. Too many companies reckon with these issues for the very first time when they are reacting to the discovery of an apparent theft or breach.”
Before falling victim to economic espionage, Hollman recommends businesses also conduct an internal audit. It should ensure that employment policies, the culture, systems and electronic platforms promote confidentiality and adequately secure sensitive information, he said. He also advised businesses to take appropriate steps to prevent cybersecurity attacks.
“The companies that are most successful at mitigating the risk of economic espionage take a thorough and thoughtful approach to evaluating the specific threats they face, balance those threats against the needs of the business, and conceive of creative ways to minimize risk while still allowing the business to function properly,” Fleming said. “Reviewing and revising corporate and information technology policies, with this risk mitigation goal in mind, is often a good place to start. Reevaluating how and where you store your company’s most valuable intellectual property assets is another important consideration, as is asking tough questions about who should have access to certain physical spaces at the company or certain shared drives and network locations.”
It also may be useful to audit the use of technology by contract parties “to ensure that use does not bleed over lines of restriction on permissible use, e.g., where third party gains access to technology for a particular, permitted purpose and then uses that access for restricted/prohibited/impermissible purposes,” Hollman said.
All levels of a company should be involved. The board of directors should ensure that the company has adequate policies in place to protect sensitive information and proprietary intellectual property, he explained. The C-Suite should implement the policies using industry best practices, and retaining consulting services where necessary to guide implementation, he adds.
“Mid-level management’s role is to promote [a] culture of safeguarding proprietary information and IP in every aspect of the company’s business, including by communicating policies and procedures effectively at every level, and to encourage employee contributions to the culture of protecting valuable information,” Hollman said. “[The] role of individual employees is to recognize innovation/proprietary information as a key aspect of the company’s value and market position, and to treat it accordingly by honoring confidentiality and non-disclosure obligations, and by carefully following company policies and procedures designed to protect proprietary information.”
Also, employees need to be trained to watch for signs of improper use by other employees, former employees, contract parties, or competitors. If there are instances of corporate espionage, prompt legal action can prevent exploitation of misappropriated information.
If a company “discovers it has been the victim of economic espionage, then hopefully you have a plan in place to begin remediating immediately. Even if you do not … conducting a thorough internal investigation is often the first key step in a company’s recovery,” Fleming said. “An internal investigation will help you address the fundamental questions—who, what, when, where, how—which are critical not only to remediation, but also to conducting a damage assessment and guiding the company’s next steps. An investigation often informs a host of subsequent decisions, including whether to report the incident to law enforcement or the responsible regulatory agencies, whether to disclose the matter broadly to the public or only to certain affected stakeholders, and whether to pursue litigation against the responsible party.”
There can be legal risks, too.
“In nearly every trade secret lawsuit, the defendant asserts that the plaintiff failed to take adequate steps to safeguard the alleged trade secrets,” Hollman said. “Demonstrating that a program was properly established and implemented to protect those secrets is of critical importance.”
Over the years, corporate espionage has changed. The workforce, particularly in technology sectors, is now highly mobile, Hollman said.
The use of electronic record-keeping with multiple access points has caused the “risk of theft/misappropriation to proliferate, both from the inside (departing employees with access to sensitive information) and from the outside (compromise to electronic data systems),” Hollman said. Also, mobile, technical employees may “jump to competitive enterprises and are in a position to use proprietary information … that harms their former … [employers],” Hollman said.
Overall, innovation remains important for the success of a company.
“In a hyper-competitive business landscape, innovation is prized above all else,” Fleming said. “There are obvious reasons companies innovate in secret, so it makes sense that companies would go to great lengths to extend those protections to the maximum extent possible. Nevertheless, many companies have lost competitive advantage due to economic espionage. Imagine that one day your company is a market leader with an innovative flagship product. Now imagine that it is two years later and you’ve lost a big piece of your market share because copycat products based on intellectual property stolen from your company dominate the market. Successful companies have been put out of business due to economic espionage. And the more valuable the intellectual property you possess, the more motivated somebody will be to steal it.”