Cyber-protection, a.k.a., cyber-security is important because the stakes are so high. A successful cyber-attack, which results in the theft of trade secrets or other confidential data, can destroy trade secret rights, significantly disrupt an enterprise’s operations, undermine client confidence and negatively impact share price.
Where the stakes are so high, so too are the opportunities. As for the stakes, a recent study estimates the cost of cyber-attacks to the United States as approximately and only $100 billion per year. (Siobhan Gorman, “Cybercrime Costs Put at $100 Billion,” July 23, 2013 Wall Street Journal, A4.) Notably, that estimate is qualified as “an initial attempt to calculate the incalculable. The cost range cited in the study is $25 billion to $100 billion, but there may be additional costs not reflected in this estimate.” (Id.) So, the bottom line — regardless of the current estimate — is ostensibly the same: cyber-attacks are a real detriment to the overall health of the IP-based U.S. economy and can be lethal to specific cyber-attack victims’ short-term and long-term endeavors.
Recent revelations and market activity reflect the cold reality of cyber-attacks and efforts to capitalize on cyber-concerns expressed in the public and private sectors.
As reported on July 23, 2013, “[s]ome of the country’s most influential venture capitalists and former spy chiefs are investing in companies now providing the government with the sweeping electronic spy system and evolving cyberwarfare programs exposed by Mr. Snowden. . . . Last year, venture capitalists pumped about $700 million into security startups, almost a 10th of the estimated market, according to Lawrence Pingree, research director at Gartner Inc., the U.S. information technology research company. That is a small part of a broader technology market expected to grow from $67.1 billion this year to more than $93 billion in 2017, he said.” (Dion Nissenbaum, “Top Venture Funds Back Spycraft Software Startups,” July 23, 2013 Wall Street Journal, B2.)
Then, as reported on July 24, 2013, Cisco Systems, Inc. agreed to purchase cybersecurity firm Sourcefire Inc. for $2.7 billion. (Danny Yadron and Saabira Chaudhuri, “Cisco Bulks Up In Cybersecurity,” July 24, 2013 Wall Street Journal, B3.) In the past four quarters, Cisco’s security business generated $1.4 billion in revenue. (Id.)
Taking that activity — indeed, reality — into account, what can a company do to effectively protect its trade secrets and other confidential data from cyber-attacks? Certainly, a diligent, in-house IT department and robust hardware and software systems can be important and necessary protective measures. On a more fundamental level, however, a company can inventory its assets, such as its trade secrets, so that it properly can focus and employ protective measures. Of course, inventorying trade secrets often provides another significant, competitive benefit: if a company is armed with a clear appreciation for the assets that it owns, then it can effectively capitalize on those assets through, for example, strategic use and monetization.