I read with great interest The New York Times’ “Room for Debate” that discussed whether companies should disclose when they get hacked. When brands big and small suffer a data breach and lose customer data, they are required to disclose the breach based on various state privacy laws that mandate disclosure when personally identifiable information (PII) is lost. But, when hackers get in the backdoor and make off with other valuable IP, we typically don’t hear about it. Opinions on the matter of disclosure run the gamut. Some think mandatory disclosure of security breaches will telegraph weaknesses while others think disclosing cyber-risks is material and investors should know if a company can keep its crown jewels secret.

There’s plenty to debate on this front, but by focusing so much attention on hackers pilfering sensitive corporate data we’re ignoring one of the biggest threats to IP that companies face everyday – our own trusted employees. We need to consider to whom more corporate secrets are lost – the external attacker or the insider?

fren·e·my [fren-uh-mee] noun. Someone who is both friend and enemy, a relationship that is both mutually beneficial or dependent while being competitive, fraught with risk.

When it comes to taking your intellectual property (IP), employees are the less obvious player but they can be frenemy #1. In many cases, these trusted employees are moving, sharing and exposing sensitive data in order to do their daily jobs. In other instances, they are deliberately taking confidential information to use at their next employer. It’s not that these employees are inherently malicious – often they just don’t know it is wrong to do so.

As your dentist turns on his drill, have you ever thought that a little extra preparation – in the form of better brushing habits – could have saved you from this uncomfortable situation? Life is full of similar situations, when we experience consequences that may be avoidable by taking the right precautions. A major auto manufacturer suffered one of these unfortunate incidents recently, when they fired an IT employee who then turned around and stole sensitive intellectual property (IP) from the company. News surfaced last week that a disgruntled IT technician at an intelligence agency reportedly downloaded terabytes of data that he intended to sell. Fortunately, both organizations quickly spotted the IP thefts and have taken action against the alleged perpetrators.

In the constant war for information security between businesses and cybercriminals, we are so focused on the faceless, outside enemy that we often fail to recognize potential double agents within our own ranks. With so many resources devoted to preventing hackers and cybercriminals from getting past our external network defenses, it’s easy to neglect internally based intellectual property (IP) theft.

IP theft is staggeringly costly to the global economy: U.S. businesses alone are losing upwards of $250 billion every year. As it turns out, IP thieves are most often either current or former employees.  We trust most of our employees to do the right thing, but the malicious actions of a single person can jeopardize the health of the business and jobs for everyone.

In today’s business world, information is as valuable as cash. In fact, industrial espionage costs U.S. businesses more than $250 billion each year. [i] This has organizations scrambling to shore up their defenses against all manner of outside attacks.  At the same time, companies of all sizes may be neglecting one of the most important perpetrators of intellectual property (IP) theft: their employees.

In order to assess this often underrated threat, Symantec asked forensic psychologists Eric D. Shaw and Harley V. Stock to examine various factors leading to insider IP theft. While most research is put into the development of technology-based security measures, their white paper focuses on the behavioral and environmental issues that can lead to theft of corporate data.

Who Is the Typical IP Thief, and What Are They Stealing?

The average data thief is 1) a current employee; 2) male; and 3) 37 years old, on average. They serve mainly in technical positions such as programmer, engineer or scientist. [ii]

Intellectual property (IP) is more sought after than ever. But don’t just take my word for it; look at attacks such as Hydraq, Stuxnet and recent thefts of proprietary designs and programs from large corporations. Between 2008 and 2009 American business losses due to cyber attacks had grown to more than $1 trillion worth of IP.

For organizations this means the task of protecting intellectual property and sensitive information contained in documents, spreadsheets, and product design  files, is more important than ever before.

To protect their intellectual property, organizations must first know where it is. But, locating IP throughout the organization has become much more difficult. Intellectual property is often buried in a sea of unstructured data that is spread out across physical, virtual and cloud-based infrastructure. And there’s more and more of it, as noted by a recent Information Week article: