Insiders, Not Hackers, Biggest Information Theft Risk

Companies worried about hackers stealing their trade secrets should be even more afraid of former employees, competitors and contractors, according to a new study conducted in the US.

Intellectual property and proprietary information are more at risk from ex-employees, foreign and domestic competitors and contractors working on-site than from computer hackers, according to a study released Monday by PricewaterhouseCoopers, the US Chamber of Commerce and the American Society for Industrial Security (ASIS) International.

The study, titled "Trends In Proprietary Information Loss," defines proprietary information and intellectual property as "information that is not within the public domain and which the owner has taken some measures to protect." It refers to, for example, information about new products and services.

"The 'insider' threat problem is perceived to be the most serious. This means that companies may want to consider investing more in human resources and vendor screening processes, as well as educating employees about tools and techniques to upgrade their information technology security practices," the study reads.

The study's findings are based on survey responses from 138 chief executive officers of US companies of all sizes. Respondents were asked about intellectual property and proprietary information losses incurred between July 1 2000 and June 30 2001. About 40 per cent of the companies polled reported suffering the loss of this type of confidential information.

Based on the survey responses, the study concluded that US companies suffered up to $US59 billion in intellectual property and proprietary information losses between July 2000 and June 2001. Most of those losses resulted from legal fees and lost revenue associated with the theft of this privileged information. Areas affected included research and development, customer information and financial data.

Computer hackers ranked fifth in terms of risks to intellectual property and proprietary information, followed by vendors and suppliers, current employees, partners, intelligence services, external manufacturers and the media.

However, as more and more sensitive corporate information is stored and transmitted using IT systems, the issue of hackers "is an area that should be earmarked for heightened scrutiny by businesses," the study reads.

In what will be good news to hackers, most respondents don't require that this type of confidential information be encrypted when sent over the Internet. However, most respondents do recognise that the Internet, computer networks, computing devices and related products create new threats to the protection of intellectual property and proprietary information.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Juan Carlos Perez

Latest Videos

More videos

Blog Posts