Corporate Counter-Intelligence: Increasing Revenue through Identification, Valuation, and Protection of Intellectual Property and Critical Information (IPCI)

The value of Intellectual Property and Critical Information (IPCI)

By most calculations, seventy percent of the value of a modern company lies in it its IPCI, its intellectual property and critical information. Unfortunately, IPCI is an intangible. Some senior managers don't understand how something that is intangible can have real value. This lack of understanding is compounded by the fact that the PCAOB says that IPCI developed in-house has no book value, which many equate to having no economic value needing to be protected. They thus do not take appropriate measures to protect it, nor do they identify its value appropriately. Because of this IPCI is easily lost to competitive intelligence, economic espionage, inappropriate disclosure, and theft.

So what is the result of this? Substantial revenues booked as income by someone else. According to the 2002 Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, U.S. businesses fail to take $300 billion in revenues each year because of competitive intelligence, economic espionage, inappropriate disclosure, and theft. According to a study by the American Society for Industrial Security (ASIS) with consultation from PricewaterhouseCoopers, the average discovered incident reduces revenues by $50 million in a manufacturing environment and $500,000 in a non-manufacturing environment. Our experience indicates that when we find one incident, we more often than not find another two. With the potential of up to 600,000 incidents each year in the United States, it is a near-certainty that your firm is a likely target, and highly probable that your firm will become a victim if they have not already done so.

In a letter dated 5 August 2004 the SEC noted that "the Sarbanes-Oxley Act of 2002 and the Commission's rules promulgated under the Act seek to strengthen pre-existing standards for internal controls, thereby potentially improving the ability of companies to track the costs and impact of economic espionage and theft of intellectual property." The SEC assumed — not unreasonably, albeit incorrectly — that internal controls were in place to identify and value intellectual property and critical information (IPCI), and to protect these from competitive intelligence, economic espionage, theft, and inappropriate disclosure.

The assumption was reasonable because there is a standard control process, OPSEC, developed by the U.S. Government, for the identification, valuation, and protection of information that would give adversaries and competitors an advantage. OPSEC is promulgated on the government side by the Interagency OPSEC Support Staff. The OPSEC Professionals Society" is the independent professional society that provides certification of OPSEC Associate Professionals (OAP) and OPSEC Certified Professionals (OCP)

However, the assumption was also incorrect, because most senior managers do not think of IPCI as something that needs to be protected. After all, the PCAOB says that intellectual property developed in-house "has no book value," which many equate to having no economic value. In addition, the majority of organizations have not yet funded a senior executive with detailed knowledge of the company's business functions, as well as Sarbanes-Oxley audit responsibility, to bring qualified OPSEC professionals to oversee an OPSEC program to identify information as needing to be protected from competitive intelligence, economic espionage, inappropriate disclosure, and theft, the four primary sources of loss of critical information. Without an OPSEC program you are unlikely to be capable of being compliant.

1. You will have to deal with the consequences of being in non-compliance with Sarbanes-Oxley, which can involve both civil and criminal exposure.

2. If the theft ends up being prosecuted under the Economic Espionage Act of 1996, a compelling case can be made that by not having an OPSEC program to identify, value, and protect information from competitive intelligence, economic espionage, and theft, you failed to take the required "reasonable measures to keep such information secret." This means that you have, either through negligence or deliberate indifference, abandoned the trade secret status of the stolen information, which was therefore no longer considerte to be a trade secret as defined under both the Economic Espionage Act of 1996 and the Uniform Trade Secrets Act.

3. You face the increased possibility of a shareholder negligent action lawsuit because you knew, or should have known, based upon annual domestic losses of $300 billion, there was a high-probability threat that you should have addressed. Additionally there is exposure because you both abandoned the trade secret status of your information under the Economic Espionage Act AND you were non-compliant with Sarbanes-Oxley, both of which were at least partly designed to force you to protect the firm's shareholders from just this type of loss. Since ignoring Sarbanes-Oxley requirements indicates negligence or deliberate indifference, there is an increasing probability that your liability will not be covered by your Directors and Officers Insurance because you did not exercise due care. It becomes personal liability.

Using experienced and skilled OPSEC professionals, we help you to accurately identify, value, and protect all critical information, trade secret or not, that might give competitors and adversaries an advantage, if known. We use OPSEC to help you identify competitors and adversarieswho may have an interest in and who might try to obtain such critical information. We use OPSEC to help you better insure this information doesn't get the hands of your competitors and adversaries.

To be effective, and because of government liability requirements, OPSEC needs to be authorized and overseen by a senior executive that has detailed knowledge of the company's business functions. It is often, therefore, appropriately handled through a team reporting to the CFO.

LUBRINCO offers the specialized training and consulting that firms need to understand, develop, implement, and maintain a successful program to protect your organization from competitive intelligence, economic espionage, and theft; comply more fully with Sarbanes-Oxley requirements; and demonstrate "due care and a reasonable effort to protect trade secrets."

An OPSEC program can do more than just make your firm Sarbanes-Oxley compliant and and reduce the personal liability related to not having implemented an OPSEC program.

• Most obviously, if you are responsible for the sale of a company, and the benefits to the purchaser greatly outstrip the sale price because you had not adequately identified and valued the intellectual property, shareholders are increasingly likely to take you to task.
• It also allows you to eliminate or reduce your company's share of the estimated $300 billion that is lost every year to competitive intelligence, economic espionage, and theft. How much might this add to your bottom line? If you posited that losses were evenly divided among the Fortune 1000 companies, it could add as much as $300 million per year. But even if it were only $75 million a year added to the bottom line each year it would be a significant contribution to your bottom line.
• By fully identifying your actual assets and their value, you become equipped to then exploit them to their fullest, maximizing their contribution to your bottom line. As an example, a nmber of sources estimate that it costs roughly $80,000 to protect a patent over its lifetime. An OPSEC program is likely to reveal that some patents no longer maintain real value. This puts your firm in a much better position of choosing exactly how to deal with costs related to intellectual property that has lost its value.
• By the same token, sometimes the value of an intellectual property lies not in the revenue stream it produces, but rather in its strategic value. However, without first properly identifying the asset and its potential value, a significant portion of the value can readily be forfited. Until the value is recognized it cannot be exploited to your firm's benefit.

Contact LUBRINCO to help you gain a clear perspective on how your firm can benefit from proper identification and valuation of your intellectual property and critical information assets, as well as help you protect those assets from "unwanted attention."

For information on a variety of aspects of Sarbanes-Oxley, we suggest you look at the Sarbanes-Oxley Act Forum

Join the OPSEC Professionals Society