According to the findings of a new report from a San Francisco Bay-area information security solutions provider – “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall” – corporate insider intellectual property (IP) thieves are usually males under 40 in technical positions, have a new job ready at the time of the theft, and steal information they were authorized to access. In addition, the report found that warning signs contributing to the motivation of corporate insider intellectual property thieves included perceived professional setbacks and unmet job expectations.
Authored by experts in the fields of psychological profiling and employee risk management, the research paper from Symantec helps employers learn about insider theft profiles, key risk indicators and factors, and steps to take to defend against intellectual property theft. The report also addresses the high level of organizational anxiety surrounding potential theft of intellectual property by employees and also describes the people and organizational conditions contributing to this risk.
The Commerce Department estimates that intellectual property theft costs U.S. businesses an estimated $250 billion annually. Based on a review of empirical research, the report identifies the following key behaviors and indicators that contribute to intellectual property theft by corporate insiders:
- Sex/Age/Job of IP Thieves: The majority of insider intellectual property theft is committed by current male employees averaging about 37 years of age in technical positions that include engineers, scientists, managers, and programmers. Many IP thieves had signed IP agreements, indicating that policy without effective enforcement is ineffective.
- New Job Waiting for IP Thieves: Approximately 65 percent of employees who committed insider intellectual property theft had accepted a new job with a competing company or started their own company at the time of the theft. About 20 percent were recruited by an outsider who targeted the data and 25 percent gave the stolen IP to a foreign company or country. Over 50 percent stole data within a month of leaving.
- IP Thieves Already Have Access: Three out of four employees – 75 percent – who committed insider intellectual property theft stole information they were authorized to access since they knew and worked with the data and often felt entitled to it in some way.
- Trade Secrets Most Common IP Theft: The most common type intellectual property stolen by corporate insiders was Trade secrets (52 percent of cases) followed by Business information and other administrative data (30 percent), source code (20 percent), proprietary software (14 percent), customer information (12 percent), and business plans (6 percent).
The report from Symantec also revealed that key patterns and common problems preceded inside intellectual property theft. These warning signs contributed to the motivation of corporate insider thieves and included perceived professional setbacks and unmet expectations that fast-tracked insiders into stealing IP. These signals of impending intellectual property theft showed the role of personal psychology and stressful events as indicators of insider risk.
The report features recommendations for employers concerned with intellectual theft risk that include building a team to fully address insider theft, evaluating risk factors, creating effective policies and practices, training and education, and using pre-employment screening to make informed decisions and mitigate the risk of hiring a “problem” employee.
To download the free report – which helps employers recognize the early warning signs, as well as motivations and behaviors, of insider intellectual property thieves – click here.