We’ve been working in information management (IM) for 20 years now, and there are plenty of challenges, including information lifecycle management, stakeholder engagement, change management and supporting compliance activities. But intellectual capital (IC) protection far outstrips them all in terms of how difficult and how critical it is to address.
This might cause some IM professionals to pause. But with the increasing number of high profile breaches, the growing pressure to manage consumer and employee data better, and the rapid growth of content sprawl, it’s time for IM professionals to un-pause. Any other IM challenge they can imagine pales in comparison to what they’ll face when they try to manage IC better. And the risk of failure isn’t simply a fine or bad PR. It’s going out of business — or worse, the loss of critical US technology to nation states or other global actors.
Protecting Intellectual Capital isn’t Easy
IC is difficult to protect for a number of reasons:
1) IC is not a hard and fast category like protected health information, payment card information or personally identifiable information. What constitutes IC will vary by industry, product, process or function within an organization.
Sure, some IC is clearly IC (e.g., a design for a cutting-edge product, patent information before it’s been approved, strategic planning documents), but a lot is less clear cut. Is a price list IC? Maybe — if you’re in a business where your ability to tailor pricing is a competitive advantage. But it might not be, for example, if you’re in a business where your product is a commodity and pricing is set for you (think copper), or where your product is so in demand that pricing isn’t an issue (Nintendo Switch or Apple products). The situation is similar with process documentation, customer lists, research, operational data, etc. All of these could potentially be IC, but also might not be depending on industry and organizational context.
2) There isn’t a single technology that can protect IC across its lifecycle in all the locations and formats it can exist: paper versus electronic, structured versus unstructured data, Office 365 versus line of business systems, rich media, IoT and physical assets. Each format needs different kinds of protections, enabled by varying (and often overlapping) technologies.
3) Protecting 100% of IC would put an organization out of business since all organizations need to collaborate with external parties to operate, and even to collaborate on IC. Completely locking IC down would make working with suppliers, contractors and joint venture partners impossible.
4) No amount of technology and controls can completely remove the human element. Well-meaning employees who make mistakes as well as bad actors will always be able to thwart your best efforts to some degree, no matter how much you try to prevent it.
The Cost of Intellectual Capital Leakage
As scary as the difficulties in protecting IC can be, the costs of failing to do so are far scarier. For an organization, IC leakage can mean losing things like:
- a product design to a competitor who gets it patented first or who is able to produce knock-offs
- a process innovation that allows other organizations to copy how it works to erode its competitive advantage
- operational data that provides insights into a business's costs, margins and revenue
The negative impact of all of these scenarios is significant and could even lead to an organization going out of business. For US society, however, IC leakage from organizations can have even more significant costs.
If the IC winds up in the hands of foreign companies, the revenue they generate and the market share they take from US companies would erode US GDP, weaken the US economy and lead to loss of jobs (as the companies that lost IC may contract and shed jobs).
If the IC winds up in the hands of nation states hostile to the US, their ability to strengthen technology or other capabilities would make them stronger and increase the threat they pose to our security.
And if the IC winds up in the hands of non-state actors hostile to the US, it could enable them to more effectively attack US military and citizens as well as critical infrastructure in the US and abroad.
We see too many organizations waiting to address IC protection until something bad happens, such as when an employee steals IC or IC is lost due to a breach. But IC loss is often invisible to an organization because those who steal it aren’t usually going to let you know they did. You have to wonder whether copycat products, eroding margins or increased competition is due to IC loss or other factors. So it's better to begin taking IC protection seriously today. Given the high cost of doing nothing, inaction isn't an option.