Protecting Trade Secrets: Finding the Right Balance

Out of all potential sources of a company’s value, tangible or intangible, trade secrets are often the most valuable. 

While the theft of trade secrets is nothing new, it is an ongoing and growing problem that leads to over $300 billion in annual losses according to the Commission on the Theft of American Intellectual Property. According to a Bloomberg survey, about 70% of organizations believe the risk of a trade secret being stolen will increase over the next five years.

You don’t have to search very hard to find examples of companies battling each other in court over this issue. 

Take for example this story about University of California’s lawsuit against major retailers for selling imported light bulbs that the university claims are based on an invention of one of its research faculty. The attorney representing the university claims the retailers needs to pay royalties for using the designs. 

Despite the importance of protecting trade secrets, it doesn’t appear to be a top priority for executives and boards. The same Bloomberg surveys reveals only 24% of large companies’ board or senior executives are directly involved in protecting trade secrets.

What is a trade secret?

Unlike patents, trademarks, and copyrights, trade secrets do not receive any sort of official certificate or designation from a state or federal government agency in the U.S. 

Although a trade secret can consist of “all forms and types of financial, business, scientific, technical, economic, or engineering information” according to the U.S. Defend Trade Secrets Act, this information only qualifies for legal protection if “…(a) the owner thereof has taken reasonable measures to keep such information secret; and (b) the information derives independent economic value, actual or potential, from not being generally known to…”

In other words, just because a company has some information it deems confidential doesn’t mean it’s a trade secret. Both the U.S. Defend Trade Secrets Act and similar laws at the state-level are clear that an owner must take “reasonable measures to keep such information secret” in order for it to qualify for legal protection.

How are trade secrets stolen and what companies can do to protect their information?

In the same Bloomberg survey cited earlier, one-third of respondents claimed trade secrets had been stolen or misappropriated in the last 10 years. Going forward, these companies believe technology advancements will be a primary driver of this type of theft.

There are several ways trade secrets can be stolen, including:

Employees – this is by far the single biggest source of trade secret theft. More often than not though, trade secrets are not intentionally stolen to cause harm to the company. An employee for example may leave a company, and while he didn’t take any tangible information, he may disclose a “trade secret” in his role at a new company.

To prevent this, companies should be clear on what constitutes a trade secret and mandate that employees sign a non-disclosure agreement if they will have access to this information. Only grant access to those with a critical need. 

New employees should be trained on properly handling trade secrets. Employees leaving the company should complete an exit interview, during which they are reminded of their obligation to not disclose any trade secrets.

One distinction needs to be made – an employee cannot forget their experience, and they should have no problem with leveraging it in future positions in other organizations. As an example, to support my clients during consulting engagements, I’m always tapping into knowledge and experience from my days of establishing an ERM process for a large Florida property insurance company. However, I never disclose the contents of conversations with executives or information not publicly available.

In the end, we can’t expect to completely erase someone’s memory…to do that, they will need to gaze into a neuralyzer from the movie Men in Black. I doubt anyone has one of these!

Physical Theft – Another source of trade secret theft is a company’s physical premises. Some companies have very stringent security at their facilities while others simply lock a door. Buildings should be secure enough to not allow someone to walk in off the street and take something. (You would be amazed at how often this happens.)

To prevent this type of theft, companies should understand where trade secrets physically reside and take reasonable but appropriate action. Are there areas of the building where access should be restricted? Can someone peek through a ground floor window and see conceptual drawings for a new product on a whiteboard? And don’t forget about the use of drones. Drones now give people and organizations the ability to see into windows above ground level, so if you are doing “top secret” work on a higher floor, don’t assume you are protected from physical theft.

Data breaches, hacks, etc.Any company, large or small, is going to take steps to protect its IT systems. Many of these steps will protect trade secrets and other information by default.  Larger companies with dedicated IT staff can monitor the information coming and going through its systems and look for any suspicious activity. 

Employees should be required to have strong passwords and change them at least a couple of times a year. Also, employees should be trained on the importance of IT security and how to spot phishing schemes, especially being ultra-cautious about clicking on links to external sites.

In addition to these in-house measures, companies who operate in a foreign country will need to clearly understand relevant laws and adjust accordingly.

Finding the right balance in protecting trade secrets

The methods for protecting trade secrets outlined in the previous section – employee policies, physical security, and IT security – represent a very traditional approach to managing this risk. These actions typically occur in a silo and focus on the immediate problem.

However, not all companies will need to do the same things to protect their trade secrets – there’s no one-size-fits-all approach. Like ERM in general, what is reasonable for a Fortune 500 company will not be reasonable for a small local company with only a handful of employees. Each company has its own unique culture, so any measures have to take this into account.

Considering escalating theft of trade secrets, there’s no doubt companies need to take an active role in managing this threat. 

With that said, a company also has to draw the line on where it may be overprotecting its trade secrets. 

We often hear stories about companies who are too lax, but it is just as common for companies to be overzealous too – in some cases, to their detriment.

As Norman Marks explains in his new book Making Sense of Technology Risk:

…organizations don’t succeed and add value by managing risk. They do so by setting and then executing on strategies and objectives through intelligent and informed decisions.

In the case of trade secrets, companies must assess the situation of information disclosure – what would truly be detrimental to the company. There may be a lot of information that should not be disclosed, but will it make or break the company? 

Also, if trade secrets do get out, how much are you willing to spend to remedy the situation?

Although it’s not a trade secret case per se, a good example is current litigation between T-Mobile and insurance startup Lemonade. The cell phone carrier claims it has a trademark on a certain shade of pink the startup is using in its marketing materials. Is paying an army of lawyers over a color really the best use of T-Mobile’s resources?  What opportunities is T-Mobile missing out on because it’s diverting time and resources to this issue?

Available materials on trade secrets and intellectual property do a great job of helping us understand this threat. Norman Marks’ commentary on technology risk has a saying that applies to this situation. Here is my paraphrase: Published information helps us understand the situation. The hard part is translating the information into supporting the overall organization, its achievement of objectives, or helping management make intelligent and informed decisions.

The tendency to dive right in and address every conceivable threat to your company’s trade secrets is certainly understandable – after all, people have worked hard on things like this!

However, in light of time, financial, and other constraints, choices have to be made. Is it really worth pursuing a trade secret thief at the expense of investing in product development, employee training, and other actions to help the company succeed?

In some cases, the answer will be yes, and in others, an emphatic no!

How does your company prioritize its protection of trade secrets?

Has your company ever sustained damage because of a trade secret theft?

I invite you to share your thoughts and experiences on this important topic. Leave a comment below or join the conversation on LinkedIn.

Contact me today to discuss your company’s challenges with prioritizing pursuit of opportunities versus managing risks.

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More