Make the Case for Investment in Ongoing IP Protection



Fourth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

There are no “silver bullets” for defending trade secrets, but based on the common experience of Digital Guardian customers – manufacturing executives in charge of information security – we’ve come up with some key intellectual property protection tips that provide some guidance to follow. These are practical recommendations will help you evaluate if your organization’s current IP defenses are sufficient.

It has proven challenging for those who champion information security to get greater attention from C-level executives focused on their unique duties. Obtaining adequate funding and resources for IT security initiatives is a process of executive education as much as advocacy. Despite serving as the head of IT security, many CIOs simply aren’t aware of the scale of threats. Many think copying the precautions taken at other manufacturing companies is enough. Producing a well-thought-out plan is required to convince them otherwise.

Your IP protection plan should explain:

  • Why improved IP defense is essential to continue global expansion and profitable products
  • How it will support key business initiatives
  • How it will speed regulatory compliance efforts (e.g. ITAR, HIPAA, PCI, SOX, CFATS)
  • Who will be responsible for managing the program
  • How return on investment will be demonstrated

Do not request budget based on assumed risk alone or on vague industry statistics. Do not propose security technology purchases without a solid business case. Make your chief executive not only aware of the threats but also aware of their impact. To be viewed as a business partner by senior management, think in terms of “managed risk.”

Risk management forecasts and evaluates risks in order to avoid or minimize any potential negative impact. Use net present value of future sales to calculate the impact of any potential loss of valuable trade secrets and put your IP protection plan in stark business terms. Use actual examples of security incidents when your trade secrets were under direct threat or public cases if unavailable.

The CIO should believe that protecting IP is one of their key mandates or their own job is at risk.

Finally, you need advocates from other business functions on your side. Build support for the plan with R&D scientists, compliance auditors, business risk managers, corporate counsel and the heads of key business units. It takes an army to fight cyber criminals!

Making the Case Checklist:
□ Have an IP protection plan. Include everything needed to implement it.
□ Demonstrate how improved IP defense will help support key initiatives.
□ Demonstrate how improved IP defense will help support compliance.
□ Present specific actual incidents when your IP was under threat.
□ Use net present value of future sales to calculate impact of IP loss.
□ Assemble an army of advocates for the program from other departments.

You might want to download my e-book covering 5 tips that will help you make the case for ongoing IP protection investments at your organization.

Read the full series:

  1. The Threats to Your Trade Secrets are Real
  2. Why Offshoring Complicates IP Protection
  3. Calculating the True Cost of IP Theft
  4. Make the Case for Investment in Ongoing IP Protection
  5. How to Form an IP Risk Committee
  6. 7 Elements of a Holistic IP Protection Plan
  7. Defining Intellectual Property
  8. Lock up your IP and Control Access to it
  9. Discover the Weaknesses in Your IP Security
  10. Improve Your Ability to Detect Cyber-Attacks

 

Larry Brock

Dan Geer: The 5 Myths Holding Your Security Program Back

Dan Geer discusses how security teams of all sizes can get past common information security myths to more effective data protection and security.

View Now

Related Articles
Sinovel Fined $1.5M in IP Theft Case

Sinovel, a Chinese turbine manufacturer behind one of the decade's classic insider threat cases, was ordered to pay $1.5M by a federal judge last week for the theft of trade secrets.

Emerson Owes BladeRoom $30M in IP Theft Case

A jury ruled that Emerson Electric stole proprietary data center designs from BladeRoom, putting a close to a long running trade secrets lawsuit. The ruling comes a month after Facebook settled with the British manufacturing firm over similar charges.

Ex-Apple Employee Accused of Stealing Self-Driving Car IP

Federal agents apprehended a former Apple employee last week suspected of stealing intellectual property, including engineering schematics on the company's secret self-driving car technology.

Larry Brock

Larry Brock (CISM) is the former global CISO at DuPont, a post he held for 11 years. He also served as CIO of DuPont’s Nylon Flooring business unit, as Information Security Officer in the U.S. Air Force and at the National Security Agency (NSA) for four years. Mr. Brock currently consults to companies helping them to improve their IP protection capabilities.

Please post your comments here