Tadashi Kageyama, Senior Managing Director, Kroll
As Asian companies move steadily up the value chain, a new problem becomes more and more urgent: protection of information. According to Kroll’s 2013/2014 Global Fraud Report, 67 percent of all corporate frauds in Asia, including theft of information, were committed by insiders, up from 55 percent in 2010. The study also revealed that TMT (Telecommunications, Media and High Tech) is one of the worst-affected sectors, whereby 31 percent of the surveyed companies suffered information theft, loss or attack.
In part, this is a consequence of Asia’s economic growth, which means there is now much more valuable information, including trade secrets, available for stealing. At the same time, technological advancements make theft much easier.
With so much business conducted online, a company’s trade secrets tend to reside on computers and servers. Insiders can access a treasure trove of valuable data simply by sending an email attachment or downloading a file to a USB memory stick. As theft becomes technologically easier, managers must be alert to threats anywhere – from an unvetted cleaning crew to employees given free rein to use USB devices on any company computer.
Prevention is often the only cure for this problem. Far more often, the first inkling of trouble comes when a competitor unveils an identical product or a more advanced product whose features are clearly based on those produced by the victim of the theft. By the time a breach is detected, valuable market share and revenues already have been lost.
Meanwhile, although the law offers some protection, it is limited. Beyond attempts to prosecute individuals who steal corporate secrets, patent law can offer some protection, and governments in Asia are becoming better at enforcing intellectual property rights. For example, according to the World Economic Forum’s Global Competiveness Report 2014–2015, Singapore has retained its ranking as second in the world for intellectual property protection. However, patents cannot cover every piece of intellectual property (including trade secrets) that a company owns.
This is especially true of “know how” and industrial processes that enhance performance or productivity. Non-disclosure agreements and non-compete clauses in employment contracts can give companies some leverage to deter would-be leakers. But different countries in Asia are uneven in their recognition and enforcement of such provisions. In 2013, the Hong Kong Intellectual Property Department conducted a survey on public awareness of IP protection and business attitudes toward it. The results highlighted that general awareness of IP rights remains high among the general public and business establishments. However, in some emerging economies, such as Vietnam, although the government has somewhat laid the legal foundation for effective enforcement and judicial oversight of IP rights, the enforcement and general awareness are still poor, compared to other developed ASEAN countries.
All of which make it particularly important that managers think through both what secrets they need to protect and how best to protect them. This involves striking a balance between security and allowing the free flow of information that enables employees to work and innovate. At Kroll, we recommend that companies look at two critical areas of vulnerability: its operations and its cyber environment. Both of these risks impact one another and should not be evaluated in isolation.
In general when it comes to dealing with employees, managers need to adopt healthy skepticism. And instead of thinking about whether some employee somewhere in the company will eventually try to steal a trade secret, it is more beneficial for managers to examine when and how theft might happen. Companies operating in Asia will need to more carefully monitor human resource management, including due diligence for new hires in sensitive positions. Firms will also need to implement thorough human resources policies to facilitate the exit of high-value employees to ensure the separation is managed in a way that minimises the risk of information theft. In one instance, a chemical company did not monitor access to its IT network. Before resigning en masse, several engineers saved critical schematics of a reactor on a USB device and walked out the door unhindered.
Ultimately, market intelligence is also a valuable defense. As executives track their competitors’ moves in the normal course of business, they should be alert to hints that a competitor has stolen trade secrets. Aside from new near-identical products or new patents, unexpected leaps in product quality and reliability, or even manufacturing efficiency, can be other, less obvious, tell-tale signs of competitors using an illegal approach.