Majority of S&P 500 companies are not safeguarding their biggest asset

Adequately protecting it from cyber threats starts with identifying where it's located

Majority of S&P 500 companies are not safeguarding their biggest asset

Cyber

By Alicja Grzadkowska

It’s hard to imagine that there’s an asset that makes up 80% of the value of S&P 500 companies, but is not adequately protected by more than two-thirds of those companies. However, that’s the situation currently facing intellectual property, according to Aon’s 2020 Cyber Security Risk Report.

The report noted that between 2005 and 2018, “the value of intangible assets held by the five largest companies by market cap increased from US$9.28 trillion to US$25.03 trillion. At the same time, the theft of IP assets by cyber attackers have grown. Despite this risk, many firms are not safeguarding their IP as securely as they should be.

“We’ve only seen the value of intangible assets grow and when you look at valuations of organizations, our largest organizations are technology organizations and their value is those intangible assets that they hold,” said Stephanie Snyder (pictured), SVP and commercial strategy leader at Aon. “You have organizations from an insurance standpoint that are still insuring property, plants and equipment from a true brick-and-mortar perspective, whereas there’s also such a need to be insuring intangible assets, whether they be data, patents, trademarks, copyrights, and especially trade secrets.”

Nonetheless, more companies are now learning about the risk to their IP assets. Snyder has seen organizations start to focus on pinpointing what their crown jewels are – in other words, what is the data that drives the organization – and then begin to consider its value and how to protect it. Companies also need to think about cyber threats from a reactive standpoint and what they need to do if there’s a breach of that particular valuable data.

Purchasing IP insurance is one way to help protect companies’ bottom lines should their crown jewels be targeted.

“With regards to insurance, frankly it’s an evolving area in terms of insuring intangible assets,” said Snyder. “IP insurance has been available for a number of years, both on a proactive and reactive basis, in terms of the potential liability from a third party standpoint if you infringe on someone else’s IP or if you find that someone is infringing upon your IP, being able to fund potential litigation to be able to protect your IP.”

IP insurance covers companies for the legal costs associated with pursuing infringement or theft of IP. It also covers legal defence costs for policyholders accused of IP infringement or theft. The two basic types of IP insurance are infringement defence and abatement enforcement coverage. The former is the most popular type of IP insurance and covers policyholders for infringement claims brought against them while the latter coverage gives insureds the financial resources to enforce their IP rights and pursue infringement claims.

To mitigate the risk of cyber criminals breaching a company’s trade secrets and other IP assets, Snyder explained that it comes down to identifying the information and understanding where it resides on the network. This can involve many hands since even though IP strategy, valuation and protection are issues for a board of directors, “IP protection resides in and across the remit of many corporate stakeholders including innovation officers, CTOs, heads of IP and human resources,” according to the Aon report.

Another challenges is that “oftentimes we find that organizations don’t necessarily know where that IP resides on the network and if they don’t know where it resides inside the network, how are they adequately protecting it and ensuring that it is safe, and that it is not going to be somehow mistakenly put on to a laptop that could be lost in the back of a taxicab?” said Snyder. “[We’re] helping organizations understand how to improve their overall posture around intellectual property on an affirmative basis, and then being able to understand that if they know where the information lies within the network, if there is some type of breach of the network security, they can then determine if there was any impact to that particular sensitive information.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!