Trade secrets were stolen in 52% of cases reviewed in the report, which was based on an examination of existing empirical literature. Business information such as billing records, price lists, and other administrative data was stolen in 30% of the cases, source code (20%), proprietary software (14%), customer information (12%), and business plans (6%).
The majority of IP theft is committed by male employees averaging about 37 years old who are engineers or scientists, managers, or programmers. They take the data they know, work with, and often feel entitled to in some way, the report found.
“If we look at who steals IP, we generally see that it is most likely to be a scientist or a manager who has access to the data and a belief that the data has value”, said Harley Stock, a coauthor of the report and a managing partner with Incident Management Group.
A large percentage of these thieves had signed IP agreements, indicating that policy alone—without employee comprehension and effective enforcement—is ineffective.
About 65% of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft. About 20% were recruited by an outsider who targeted the data, and 25% gave the stolen IP to a foreign company or country.
The report found that more than half of IP thieves steal the data within 30 days of leaving the company. “They are leaving under less than desirable circumstances, so they are often disgruntled”, commented Eric Shaw, coauthor of the report. “Usually, they take the IP with them to start a new job or establish a new business”, he told Infosecurity.
The majority of subjects (54%) used a network – email, a remote network access channel, or network file transfer to remove their stolen data. However, most insider IP theft was discovered by non-technical staff members.
“What we have to be able to do is look at individuals and their patterns over time. We can’t put a technical fence with a gate that opens and closes around the data to protect it. Folks need to be able to do their job and have access to information”, Shaw said.
Common problems occur before insider thefts and contribute to insider’s motivation. These precipitants of IP theft support the role of personal psychological predispositions, stressful events, and concerning behaviors as indicators of insider risk, the report noted.
Professional setbacks can fast-track insiders considering stealing IP. Acceleration on the pathway to insider theft occurs when the employee gets tired of “thinking about it” and decides to take action or is solicited by others to do so. This move often occurs on the heels of a perceived professional setback or unmet expectations.