"My company is regulated, with little to no R & D, no manufacturing, and only a very limited exposure in the competitive wholesale markets. In your professional opinion, what is our exposure or risk in regards to industrial//corporate espionage?"
Your question about espionage exposure is one I hear quite often; "Why us?"
Just as every person has uniqueness — their personality, list of friends, list of enemies, list of things someone might want to steal, etc. — corporations are unique as well. While I don't know much about the characteristics of your particular company, I can hazard a few rough guesses about possible corporate espionage risk areas...
• Media interest – Reporters digging for information to make headlines. A public safety issue, for example, might prompt a full expose on the company's policies, maintenance procedures, employee health epidemiology data, etc..
• Activist Group Interest – Media reports always have the potential to spark activist groups. Catalysts include: safety issues, regulatory issues, price increase hearings, etc.
• Stockholder Interest – When a price increase hearing is not favorable (possibly due in part to activist lobbying) predicted earnings may fall below expected levels, thus sparking stockholder unrest and desire for change. To support their case, collection of internal information becomes a priority for them.
• Construction Interest – Construction contracts usually incorporate a bidding process. The higher the stakes, the more desire for inside information. If espionage is successful, the company pays more than necessary and runs the risk of purchasing inferior products and services. Due diligence on this point alone is especially important if your construction impacts the public, in any way.
• Mergers & Acquisitions – Inside information means big $$$ to many outsiders.
• Intellectual Property Protection – Any unique advantage that makes your business profitable is a target for outsiders. They can make money by stealing it, or even just neutralizing it.
• Lawsuit Strategy – Inside information from the Legal Department means big $$$ to the opposition.
• Labor / Management Issues – Contract negotiations create periods of very high-risk. Also consider this... Your Personnel Department is involved with a multitude of high-value situations (every day) where meetings, conversations and other 'real-time' decision-making conversations and data hold immense value to outsiders.
I am sure I can come up with a few more examples, but this should get you started.
Recommendation – Identify key physical areas impacted by the above. Provide these areas with quarterly or biannual (or a mixture) counterespionage audits. In addition to providing specific sensitive work environments with heightened privacy protection, you will have shown due diligence; necessary for obtaining 'business secret' status for your side in court.
A Counterespionage Strategy is an important element in every corporate security program. Thank you for asking.
~Kevin
