Do you have insurance covering risks related to intellectual property?
The Ponemon Institute (with the support of AON) is providing a valuable study that deals with insurance related to risks regarding cybersecurity and intellectual property. The research team behind this study collected responses from 2,348 participants in North America, Europe, the Middle East, Africa and Asia-Pacific, all professionals involved in IT risk management.
The study focused on intangible assets as defined below, the value of which is estimated between 20 and 25 trillion dollars. Intellectual property is at the heart of these intangible assets.
Auhtors provide some cases where insurance covering intellectual property risks might be useful. For example, AstroTurf had to declare bankruptcy following a $30 million patent infringement case (p.5). This is reminiscent of Harley Davidson c. SunFrog, where the platform had to pay $19.2 million to Harley Davidson, even though the court had deliberately limited the amount of the damages in order to prevent SunFrog’s finances from going into the red zone (iptwins.com, June 27 2018).
Several points deserve to be highlighted in this very rich study.
The value of intangible assets exceeds that of tangible assets. In the information age, this is not surprising. Paradoxically, however, intangible assets are less well insured than tangible assets (p.9). This is all the more surprising considering that only 16% of the participants admit that they are not aware of the economic and legal risks involved in the event of a security breach (pp. 11 and 18), especially since half of the companies have known at least one flaw in the 24 months before the study (page 14). In these unfortunate events, trade secrets were mainly concerned (47%), followed by copyrights (26%), and patents (24%) (page 23).
So how can we explain the fact that a large majority of companies do not subscribe to an insurance policy covering intellectual property issues? There are different justifications. The study provides one: the majority of companies have developed or adopted an IP risk management strategy (p.23), without specifying what these strategies consist of (the question would go beyond the purpose of the study). It is probably necessary, at least, to ensure that the corporate domain names benefit from the highest degree of security, which implies, first and foremost, the adoption of the DNSSEC protocol (on this point, see iptwins .com, March 4, 2019).