person climbing a sheer rock wall

Your Biggest Information Management Challenge

December 02, 2019 Information Management
Joe Shepley
By Joe Shepley

I’ve been working in information management (IM) for 20 years now, and while there are plenty of challenges — from information lifecycle management, to stakeholder engagement, change management and supporting compliance activities — I think one challenge far outstrips them all in terms of how difficult and how critical it is to address: intellectual capital (IC) protection.

This might cause some IM professionals to pause. After all, with the increasing number of high profile breaches, the growing pressure to mange consumer and employee data better, and the rapid growth of content sprawl, IC protection seems like a nice to have, something better addressed by our legal departments than IM.

Well, it’s time for IM professionals to un-pause, because any other IM challenge they can imagine pales in comparison to what they’ll face when they try to manage IC better. And the risk of failure isn’t simply a fine or bad PR, it’s going out of business — or worse, the loss of critical US technology to nation states or other global actors who will use it to increase their strength and weaken ours … or actively threaten us or our allies.

The Difficulty of Protecting Intellectual Capital

IC is so difficult to protect for a number of reasons.

The first is IC is not a hard and fast category, like protected health information, payment card information or personally identifiable information. What constitutes IC will vary by industry, organization, and product, process, or function within an organization.

Sure, some IC is clearly IC — a design for a cutting-edge product, patent information before it’s been approved, strategic planning documents — but a lot is less clear cut. Is a price list IC? Maybe — if you’re in a business where your ability to tailor pricing is a competitive advantage. But it might not be — for example, if you’re in a business where your product is a commodity and pricing is set for you (think copper) or where your product is so in demand that pricing isn’t an issue (think Nintendo Switch or Apple products). The situation is similar with process documentation, customer lists, research, operational data, etc. — all could potentially be IC but also might not be depending on industry and organizational context.

The second reason IC is so hard to protect is there isn’t a single technology that can protect IC across its lifecycle in all the locations and formats it can exist in: paper versus electronic, structured versus unstructured data, Office 365 versus line of business systems, rich media, IoT and physical assets all need different kinds of protections, enabled by different (and often overlapping) technologies.

The third reason is protecting 100% of intellectual capital would put an organization out of business, because all organizations need to collaborate with external parties to run their business, which includes collaborating on IC. Completely locking IC down would make working with suppliers, contractors and joint venture partners impossible.

The final reason is no amount of technology and controls can completely remove the human element — well-meaning employees who make mistakes as well as bad actors will always be able to thwart your best efforts to some degree, no matter how much you try to prevent it.

Related Article: Social Ideation Finds Ideas Worth Pursuing

The Cost of Not Protecting Intellectual Capital

As scary as the difficulties protecting IC can be, the costs of failing to do so are far scarier.

For an organization, IC leakage can mean losing things like a product design to a competitor who gets it patented first or who is able to produce knock-offs; or a process innovation that allows other organizations to copy how it works to erode its competitive advantage; or operational data that provides insights into a business's costs, margins and revenue. The negative impact of all of these are significant and could even lead to an organization going out of business.

For US society, however, IC leakage from organizations can have even more significant costs. If the IC winds up in the hands of foreign companies, the revenue they generate and the market share they take from US companies erodes our GDP and weakens our economy, as well as leads to loss of jobs, as the companies that lost IC may contract and shed jobs.

If the IC winds up in the hands of nation states hostile to the US, their ability to strengthen technology or other capabilities will make them stronger relative to the US and increase the threat they pose to our security.

And if the IC winds up in the hands of non-state actors hostile to the US, it could enable them to more effectively attack US military and citizens as well as critical infrastructure in the US and abroad.

Related Article: Are You Missing Out on Good Ideas in Your Business?

Don’t Wait for the Worst to Happen

Too many organizations I see wait to address IC protection until something bad happens, such as an employee steals IC or IC is lost due to a breach. But IC loss is often invisible to an organization, because those who steal it aren’t usually going to let you know they did. You have to wonder whether copycat products, eroding margins, or increased competition is due to IC loss or other factors. It's better to begin taking IC protection seriously today. Work to improve how your organization addresses IC protection. Given the high cost of doing nothing, inaction isn't an option.

About the Author

Joe Shepley is a strategy consulting professional living and working in Chicago. In his current position as Managing Director at Ankura he focuses on helping organizations improve how they manage Privacy risk through improved processes and technology.


Featured Research

Related Stories

bird feeding out of a person's hand, suggesting trust and care

Information Management

Why Responsible AI Should Be on the Agenda of Every Enterprise

Two dogs in robber masks

Information Management

Insider Risk: What Hybrid Companies Need to Know — and Do

tandem skydiving with what looks like a very tiny parachute

Information Management

Can You Trust Zero Trust Networks in the Remote Workplace?

Join Top Industry Leaders at the Most Impactful Employee Experience and Digital Workplace Conference of 2023

Reworked Connect