Intellectual property theft is a growing hazard, with threats that can arise both internally and along a company's global supply chain. Fortunately, organizations can leverage enterprise risk management (ERM) tools already in place to enhance IP protection while limiting cost and bureaucracy.
The ways that vital intellectual property can be misappropriated are multiplying and ever changing in this highly competitive, highly digitized world. Companies lose their competitive edge when employees or business partners pass trade secrets to competitors. They lose consumer confidence and suffer legal consequences when counterfeit products make their way into the supply chain and fail. They miss out on profits when fake goods are sold under their brand names. And then there are cyber intrusions that compromise sensitive data. The list goes on.
But the good news is that your company likely already has in place an enterprise risk management system that can be adapted to address IP-related risks. ERM systems provide a great structure for bolstering IP protection without creating additional bureaucracy.
A new whitepaper explores this topic, looks at some leading companies that have incorporated their IP into ERM systems, and provides practical tools for big and small businesses that choose to follow suit.
As this report lays out, there are several ERM systems that have gained currency over the last decade or so, but all essentially "identify, assess, and manage" potential problems for a given business. By getting a full view of its risk landscape, typically accounting for financial stability, quality control, health and safety, environmental, and labor issues, the company can put in place systems to avert a crisis, or mitigate the damage caused by one. The best of these systems extends to risks that arise in company supply chains.
Handling risks from loss of IP in this same holistic fashion makes sense, especially as the value of these intellectual assets has grown as a proportion of company's total value. Indeed, for many businesses it makes up the lion's share, according to a survey of Fortune 500 companies.
The growing risk of misappropriation of these assets is echoed in the daily headlines, surveys of company executives, and 10-K filings with the Securities and Exchange Commission. Nearly all of the top 20 Fortune 500 companies' annual 10-K filings in the past year list cyber security or intellectual property issues, or both, among their material business risks, the whitepaper notes.
The first vital step in ERM frameworks is to create a complete inventory of strategic, operational, compliance, financial, and reputation risks, and that inventory should include risks associated with IP. It should take into account brand protection (trademarks), registered designs, copyrights, patents, and trade secrets -- both those that are part of the company's own assets or intellectual property of others that the company must manage effectively.
One area that often requires greater attention is IT security. With the now common occurrence of high-profile security breaches, many companies are keenly focused on preventing cyber attacks, adopting IT security standards (e.g., ISO27001), various industry standards (e.g., COBIT), or national standards (e.g., NIST).
However, IT security systems can only protect that which they are designed to protect, the whitepaper argues. If IP protection and risk management have not been included among the objectives of many IT systems, even complying with the standards may fail to protect important intellectual assets.
"It is thus important that any company ERM process that examines and seeks to identify IT and other security risks include trade-secret theft and other IP-related risks specifically."
Another area where it is critical to identify IP-related risk is in global supply chains as producers, joint venture partners, and even customers may have access to IP. Supply chain disruptions caused by IP can have serious long-term implications. Featured examples underscore the importance of ongoing identification and management of IP-related risks in a company's supply chain:
- Unreported "back door" sales of a company's branded clothing products by its manufacturing supplier
- Departure of a supplier's employees to another company that soon began producing directly competing products using the supplier's secret manufacturing process
- Alleged theft of a wind turbine company's software source code by its customer and two former employees, and inclusion of that technology in competing turbines manufactured by the former customer (at a claimed loss to the company of $800 million in sales and 500 jobs)
An example of a large company leading the way with an ERM approach to IP-related risks is Amsterdam-based technology giant Philips N.V. At the highest level, it has identified some of these risks as "strategic," or potentially affecting the company's overall ambitions, including problems securing or maintaining IP rights, as well as those involving third-party licenses covering its products and design and manufacturing processes.
Other IP-related risks are designated as "operational" at Philips, such as the potential leakage of confidential information or the theft of intellectual property or sensitive data through unauthorized access to or cyber attacks on its IT systems.
Philips's holistic approach to IP risks remains an exception to the rule.
But most companies grappling with IP risk need not start from scratch. The report shows how systems that in many cases are already in place to manage other risks can be optimized for IP-related risks internally and in the supply chain as well -- to great value for the business.
Editor's Note: Please join us for a live chat with Craig Moss on this topic this Thursday, November 11, at 2:00 p.m. EST (11:00 a.m. PST) in the EBN chat area. We'll be asking Moss to give us some real-world examples and strategies for organizations to mitigate risks using ERM.
— Allen N. Dixon co-authored this article. Dixon is intellectual property counsel for the Center for Responsible Enterprise And Trade (CREATe.org). He is a leading lawyer and international specialist in the intellectual property and information technology field, having worked on three continents and advised high technology and other industries in various capacities for more than 25 years.