The Threat Lurking Within: Insider Misappropriation of Trade Secrets

When you think of trade secret theft, your mind may conjure scenes like the iconic sequence in Mission: Impossible where Tom Cruise’s character dodges laser beams, rappels into a high-security vault, and dangles inches above a computer while he exfiltrates classified files.

It’s a great scene, even if the boxy computers now look comically dated. The thing is, trade secret misappropriation in the real world doesn’t usually involve covert missions, and the greatest threats to your trade secrets don’t come from shadowy outsiders.

In reality, the greatest risks come from the people you trust the most.

In our last article (When Trade Secrets Walk Out the Door), we examined the massive scale of trade secret theft. We also looked at some familiar scenarios: a departing partner walking away with confidential client information, a customer diverting proprietary designs to a competitor, and a research scientist taking an innovative formula to a competitor.

Each of those examples involved an insider—someone who abuses their legitimate access to sensitive information. Who inside your organization is in a position to walk away with your trade secrets?

Trade Secret Theft Sources

You may be surprised to learn that trade secret theft is usually carried out by people with legitimate access to your information: employees, vendors, consultants, and partners. These insiders do not need to rappel down from the ceiling. They can simply walk in, take what they want, and leave. And when they go to their next job or project, your information may go with them.

Here are some sobering numbers. A study found that 85% of federal trade secret cases involve insiders personally entrusted with sensitive information. And the number of incidents keeps growing. Trade secret cases doubled between 1988 and 1995, doubled again from 1995 to 2004, and doubled yet again by 2017. Another study in 2020 found a 47% increase in cases over just two years.

While external threats like cyberattacks and corporate espionage are quite real—and will be addressed later in this book—the most pressing danger is not some anonymous hacker on the other side of the world. It’s the people you brought under your tent and work with every day.

Common Insider Threat Scenarios

Unlike outside actors who must find a way in, inside actors already have access to your sensitive business information. They know which information is valuable and how to get their hands on it. Whether driven by greed, resentment, or carelessness, insiders can quickly compromise your trade secrets and inflict serious damage on your business.

Let’s dig deeper into the most common insider threats lurking inside organizations:

• Exiting Employees: Many exiting employees don’t leave empty-handed. In fact, employees are the number one conduit for misappropriated information. They may take your trade secrets to a new employer or use them to start a competing venture.
• Vendors and Contractors: Third-party vendors, consultants, and contractors are routinely given privileged access to sensitive business information and systems. Some of them abuse that access by misusing what they learn or leaking it to others.
• Separating Business Partners: Even longstanding business relationships sometimes turn sour. When they do, former partners may walk away with valuable trade secrets and then use them to compete against their former company.
• Joint Venturers: Collaborations foster innovation, but they can also spark fierce disputes over who owns what. When IP rights are poorly defined or contested, former collaborators can quickly become rivals, and litigation may ensue.
• Customers and Clients: Businesses often share sensitive information with potential customers during negotiations, product demonstrations, or customization efforts. Some customers may turn around and use that information for their own purposes.
• Licensees and Franchisees: These relationships depend on controlled sharing of proprietary information and processes. When licensees or franchisees use these in unauthorized ways or after the agreement expires, they are stealing what they should be paying for.

Every relationship of trust carries a measure of risk. Businesses can mitigate the risks by identifying them early, exercising caution in who they work with, and maintaining the right safeguards.

Inside Jobs: Prominent Cases of Insider Misappropriation

The following real-world cases illustrate how those inside an organization can abuse their trusted access and put the company’s vital assets at risk.

Gillette. Razor company Gillette suffered a blow when a disgruntled employee of one of its subcontractors stole drawings of a new shaving system that had cost $750 million to develop. Before the product even hit the market, the designs were leaked to competitors via fax and email. The case shows how one unscrupulous insider can jeopardize years of research and hundreds of millions of dollars in a single stroke.

DuPont. Another costly case occurred when chemical company DuPont sued Kolon Industries for recruiting former DuPont employees to illicitly obtain confidential information about Kevlar, a material used in body armor. This allowed Kolon to shortcut decades of research and development to create its own rival products. Illustrating the gravity and impact of insider theft, Kolon ultimately settled with DuPont for $275 million and paid an additional $85 million in criminal fines.

Ford. Software firm Versata sued Ford Motor Company for using its vehicle design software after their licensing agreement had expired—effectively misappropriating the technology by continuing to use it without permission. A jury awarded $105 million in damages. The case demonstrates how a trusted partner can become a misappropriator by exceeding authorized use.

In an earlier article, we also saw how a Waymo engineer took confidential files to Uber and how a Coca-Cola employee stole secrets and tried selling them to Pepsi. Each case underscores a critical truth that every business leader must understand: The greatest threats don’t typically come from anonymous hackers or foreign spies, but from employees, contractors, and others entrusted with access to a company’s information.

Insider threats are further amplified by shifts in workplace practices and evolving technology.

Join Trade Secret University

Subscribe and receive our curated monthly email digest plus instant access to the Trade Secret Vault. The Vault has exclusive content like practical guides and actionable toolkits.

Name

Email

Enter the vault