If you heard about a threat that had already caused a loss of EUR 60 billion in economic growth and almost 289 000 jobs in Europe alone, and that could lead to the loss of one million jobs by 2025, you’d try to do something about it, wouldn’t you?
Those are the estimated losses caused by the theft of trade secrets through cyber-espionage alone. From states to single companies, no one is doing enough to stop this problem.
It is important to change our perspective, to understand what trade secrets are and why they are so relevant, so you and your company can put adequate protection in place, especially when doing business outside Europe.
Starting with the basics: a trade secret is a piece of confidential business information that can be of considerable commercial value and can provide an enterprise with a competitive edge.
In other words, a trade secret can be anything from manufacturing processes or sales or distribution methods to consumer profiles, from advertising strategies to lists of suppliers and clients — as long as it is relevant for your business and you are keeping it secret.
Most of the legislation used to protect information as a trade secret (and to prosecute infringers) requires companies to put some form of defence in place to protect the confidentiality of the information.
Trade secrets do not need to be registered to be protected and, as long as they are kept as secrets, the legal safeguards last forever.
A recent study commissioned by the European Commission shows that companies, especially SMEs, underestimate both the value of their trade secrets and the chances that they might get stolen due to cybercrime.
Consequently, they also tend to underestimate the impact of a breach in their security. A stolen trade secret can lead to at least four kinds of economic damage.
- Opportunity costs: the loss of business opportunities and market shares.
- Negative impacts on innovation: companies lose their investments in R&D when their knowledge is stolen and given to the public.
- Increase in the cost of cybersecurity: if the company has been attacked, the costs of cleaning up the system can be very high, as can increases in cybersecurity insurance.
- Reputational damage: if the fact that a company has been hacked becomes public knowledge, this will reduce the trust of investors, business partners and even consumers.
The report highlighted the importance of awareness among companies in terms of preventing the loss of trade secrets. A solid legal framework is not enough: you have to do your part and put the necessary protections in place.
SMEs are the main target of cyber thieves and make up the majority of cyber-espionage victims because their cybersecurity protocols are weaker than those of big companies.
Cyber-espionage mostly involves external perpetrators. This is a large part of the problem, but it’s not the only issue, especially when you are doing business in South-East Asia.
Other kinds of barriers must be taken into consideration. The most basic protection is probably afforded by physical barriers — store the secret information in an undisclosed physical location that only some employees have access to.
Physical barriers can seem outdated now, and they probably are when it comes to documents (who doesn’t store them on a computer nowadays?). However, they are still relevant when you admit potential partners, or indeed visitors in general, to your premises. Make sure that they cannot take pictures of your innovative products and have them sign non-disclosure agreements (NDAs).
Technical barriers are the most relevant against cybercrime in general and cyber theft in particular. They consist of various information technology (IT) systems that safely store your secrets. They can be expensive, but, as the experts stress, the lack of adequate protection is exactly what makes SMEs the perfect prey for cyber-attacks. There are some basic steps you can implement yourself, from a good password system to basic encryption. However, it’s even more important to develop an IT strategy (for example, you should make it impossible for documents to be shared via the internet or saved on physical devices like USB sticks), possibly with the help of a specialist, and prepare a written technology policy agreement. Make sure that all your employees have read and signed NDAs.
Written agreements are among your best weapons when it comes to protecting your trade secrets. Having people sign an NDA will make them conscious of their actions and ensure they think twice before betraying your trust. Having an NDA in place will also make them legally liable for sharing a secret.
When you’re doing business in South-East Asia, it’s of great importance to have your agreements in the local language. This prevents the other party from claiming that they did not understand their confidentiality obligation.
Having a solid NDA in place is not only important for your relationship with your employees and partners (or potential partners), but also for your relationship with your suppliers and subcontractors.
NDAs are essential in a well-drafted trade secret strategy, but they are not the only element of it. Alongside the technology policy agreements already mentioned, a role can be played by non-competition and non-solicitation clauses in employment contracts. These kinds of clauses prevent your former employees from using your list of clients in their new position. Singapore and Malaysia are the most favourable countries for these kinds of agreements.
You can also upgrade your NDAs: following the Chinese practice, you can draft a non-disclosure, non-use, non-circumvention (NNN) agreement. The idea is to bind your counterpart to strict confidentiality. They are not allowed to disseminate the information (as in an NDA), nor can they use it for their advantage or circumvent the agreement with anticompetitive practices. The idea is to combine secrecy and non-competition elements.
Even in Europe, trade secret thieves can be hard to prosecute due to the difficulty involved with supplying adequate proof. It’s better to put preventive safeguards in place. After all, prevention is better than cure.
An even higher level of caution needs to be in place when doing business in South-East Asia. Keep in mind that most ASEAN courts tend to favour a local labour force using knowledge acquired in their previous jobs to make a living, without paying too much attention to the fact that the information might be a valuable trade secret belonging to a former employer.
Many countries (such as Brunei and Cambodia) do not have proper protections for trade secrets in place, and in others (like Myanmar), trade secrets are only protected under contract law, so there is no protection without a contractual relationship.
In Indonesia, trade secrets are protected only when an unlawful appropriation can be proven. To prove an unlawful appropriation, you have to show that there was an NDA in place and that it was breached, or that your IT or physical protections were abused.
At the moment, the law in Thailand imposing registration on trade secrets is suspended. However, if you are doing business in the country, it’s better to keep a very close eye on this.
Even in countries like Malaysia, Singapore, the Philippines and Vietnam, where relatively sound protections for trade secrets are in place, it can be difficult to protect yourself in the absence of a contract.
To sum up: trade secrets are valuable intangible assets that do not need any registration and potentially last forever. However, you have to learn how to protect your valuable information from cyber thieves, unfaithful partners or greedy former employees.
The first step is to recognise what your secrets are, and then draft your strategy accordingly.
If you have any doubts or questions, do not hesitate to reach out to us. The South-East Asia IPR SME HD offers free support to all EU SMEs.
IP Business Advisor
South-East Asia IPR SME Helpdesk