How Governments and Companies can Fight Cyberespionage
While rapid technological advances have been leading to greater connectivity and data storage and global growth, they have also been resulting in greater cyberespionage and intellectual property theft, especially trade secrets. Businesses are now more at risk than ever to having their corporate networks breached and having their trade secrets stolen. On average, trade secrets comprise of about two-thirds of the value of firms’ information portfolios, and once they are made public or obtained by a competitor, their value may be substantially or entirely lost.
This phenomenon is occurring globally. General Keith Alexander, the head of the National Security Agency and U.S. Cyber Command, stated that U.S. companies lose $250 billon per year due to IP theft. A survey conducted for the European Commission showed that over the past 10 years, approximately one in five respondents experienced at least one attempt or act of misappropriation. South Korea estimates that costs from economic espionage more than tripled between 2004 and 2008. It is also estimated that the largest global organizations could face $35 million in losses over a two-year period from attacks on cryptographic keys and digital certificates.
In an effort to combat increasing cyberespionage, the Obama administration released a “Sttrategy to Mitigate the Theft of U.S. Trade Secrets” in February 2013, and an issuance of Executive Order 13636 on “Improving Critical Infrastructure Cybersecurity” shortly after. The order focuses primarily on protecting critical infrastructure, and there is still room to enact laws to protect intellectual property that may be held more broadly by U.S. businesses.
The strength in trade secret laws has an effect on the level of cyberespionage in each country. Trade protection in the U.S. is relatively more advanced than in most of the rest of the world. Much of the rest of the world has very weak laws and enforcement practices, including the large emerging economies such as China, Brazil, Russia, and India. As supply chains and operations expand globally, weak rule of law and ineffective enforcement in countries will harm companies’ ability to protect their trade secrets.
What can governments and companies do to address these trade secret threats? First, a company should have its own protection program and make investments on strong security technologies and procedures. A study shows that companies that obtained “sufficiently budgeted resources” for security saved around $2.2 million annually. Governments should utilize trade policy tools to raise the importance of trade secrets protection and promote more effective deterrence. U.S. ties through the Trans-Pacific Partnership (TPP) Agreement with 11 other Asian-Pacific nations and the Trans-Atlantic Trade and Investment Partnership (T-TIP) with the European Union give it means to do so. Trade secret protection should also be considered in regional organizations and the World Trade Organization (WTO) Council for Trade-Related Aspects of Intellectual Property Rights. The U.S. government should also improve internal coordination among agencies responsible for cybersecurity and protection of trade secrets. Overall, protection from cybersecurity will require a collateral effort from companies and governments worldwide.