While governments often work in tandem with their national industries to steal corporate secrets, they are not the only agents. Numerous prosecutors who investigate corporate espionage crimes have told me that the majority of the offenses they pursue involve companies targeting their domestic rivals. For example, the process for making soft-center chocolate chip cookies became the focus of epic industrial espionage efforts as Nabisco, Pillsbury and others raced to bring the revolutionary new cookie to market.

Motorola chief information security officer Bill Boni describes the damage incurred by acts of corporate spying as "death by a thousand cuts."

But in a global economy, does it really matter which company brings a product to market? For investors and consumers, the answer is, emphatically, yes. Say an American pharmaceutical company invests $800 million into the development of a new drug. If another firm steals the formula, it will probably manufacture the drug overseas, and the resulting product will end up on the black market. This means that the drug will sell for a fraction of its normal price. The developer cannot recoup its investment, and quality control issues may damage its reputation. Even if the counterfeit drug is not sold domestically, the overseas competition will eat into the developer’s profits.

Diverse, multinational corporations may be able to survive this type of blow. But small and midsize companies would be devastated. In the mid-1980s, Recon/Optical, a Barrington, Ill., manufacturer of high-quality optical products for military applications, won a contract from the Israeli military. Israel’s government said it wanted contract monitors on site to observe the progress of the effort. In reality, these Israeli air force officers were spies who stole every important aspect of Recon/Optical’s technology. An Israeli company that used the same technology opened three months later and sold the products for one-third of Recon/Optical’s price, effectively crippling the company. Litigation ensued, and in 1993 the Israelis reportedly paid $3 million in damages and fines, which was little consolation to the company, which faced near ruin.

Briefcase, Cloak and Dagger
The case of Recon/Optical is somewhat unique in that the company not only knew its IP had been stolen, but it knew who stole it. Most companies are not aware of either. While I often help companies investigate known espionage cases, my main business is performing simulations of espionage attempts in which a team of intelligence professionals targets a company technologically, physically and operationally. Over the years, I have been able to compromise the entire product line of a pharmaceutical company and the fund-transfer systems of major financial organizations, as well as to steal nuclear reactor designs. We have never been caught, and our clients never know what was stolen until we inform them. Disturbingly, in half of these simulations, my team finds evidence of previously undetected crimes or espionage attacks.

In 1996, Congress passed the Economic Espionage Act, making the theft or misappropriation of a trade secret a federal crime. The law directly addresses global corporate espionage in that it has extraterritorial jurisdiction for any crimes involving U.S. citizens (as victims or perpetrators). While the number of prosecutions under this law has increased, most agree that the volume of global and domestic corporate espionage has risen at a much faster pace, and will continue to do so. Technology, particularly the Internet, is providing more opportunities for espionage, especially against small businesses.

Companies are also making themselves vulnerable by moving operations overseas. Those that seek the benefits of a new market, without considering the potential costs of entering it–including losses due to espionage–can offset any gains. Consider the global companies that are tripping over themselves to break into the Chinese and Indian markets. They are lured by lower manufacturing costs and the potential to sell their products to billions of new customers. Yet I know of only a handful that have IP protection policies in place to deal with the very real threat of espionage. At the same time, the host countries and local competitors have continued to refine their espionage skills.

We are also seeing large companies develop their own competitive intelligence programs to monitor the activities of their competitors. While internal groups probably use legal methods, they will inevitably hire outside firms to assist in gathering information, and these firms are more likely to engage in illegal espionage efforts.

Many companies will experience espionage-related losses. While most will not be devastated by these crimes, death by a thousand cuts remains a very real possibility. Better-prepared and managed companies can minimize these losses and boost their chances of recovery by preventing attacks and detecting and responding to successful attacks. Unfortunately, as corporate espionage proliferates, we are seeing few improvements in corporate security efforts. IP protection and security programs are still generally considered luxuries, not necessities.

Ira Winkler is president of Internet Security Advisors Group. He is also the author of Spies Among Us, a book on corporate espionage.

Additional Information
 Managing Espionage Risks