I really wonder about corporate espionage, the subject of a new book which claims that network technology has meant that industrial espionage is on the rise and easier than ever. I observe that people who write books or articles about this subject, while no doubt very knowledgeable, also tend to be security consultants selling their services. I certainly would not want to criticise such fine people, especially as they could no doubt easily find out where I lived. But, let’s face it, a consultant is hardly about to publish an article “corporate espionage is no big deal really; no need to invest much here”. My scepticism is prompted by a couple of personal experiences.
In a really big company there is actually very little data that is truly “secret”, and then usually only for a certain period of time e.g. quarterly resuts just prior to making them public. Or plans for an acquisition perhaps prior to a bid, or bidding information for large contracts, maybe certain aspects of R&D. In most cases company executives have enough trouble making sense of their own corporate information. Let’s face it, if you can’t figure out who your most profitable customers are (a significant problem for most companies, whether they admit it or not), how are your competitors going to work it out by accessing your information systems? However, as I say, there are some very specific pieces of data with commercial value. When I used to work in Esso Expro we were contacted by an employee of another oil company (let’s call it Toxico) offering to sell Esso information on their bid for the next round of North Sea acreage. Now this information was of real value, and appeared to come from one of the bid team, so was genuine. What did Esso do? They rang up the Metropolitan police, followed by the security department of Toxico and told them the full story. There was no debate about this, no hesitation; it was a decision taken in a heartbeat. Esso has well-grounded ethical principles and was having none of this.
A second personal experience was of a friend who is one of the three smartest people I ever met. She had a meteoric rise through management in a large corporate that I suppose I should keep nameless, and was promoted to be in charge of their competitive analysis unit. This unit did spend its time (legally) analysing its competitors and trying to pick up any snippets of competitive information that it could. After six months my friend recommended that they close her department down. Why? Because she could not find a single of example of her quite well-funded department’s findings ever actually being acted upon. In other words management liked to know what was going on, but basically did whatever they were going to do anyway. The company didn’t have the courage to actually follow through on this, and my friend duly moved on to another job (she is now in a very senior position as a major investment bank).
So, at least in these two cases, the work of a major corporate competitive analysis unit was assessed by its own boss to have no tangible value at all, while when someone did actually ring up and offer to sell valuable information, Esso declined and turned the would-be informant over to the police.
While internet hackers can undoubtedly cause a great deal of trouble, I honestly wonder just how realistic are the stories of doom and gloom on corporate espionage, in particular the fears about someone hacking into secret information systems. In most companies, the information really isn’t that exciting. Only a tiny fraction of information is genuinely valuable/sensitive, and even if you got hold of it most ethical companies would do the decent thing as Esso did and turn in the informant.  I am sure there are some exceptions, no doubt involving tales of derring-do, but how many of these are there?
However, stories like mine do not sell security consultancy. If anyone ever does write a book debunking corporate espionage then I promise to buy it.
Â
Â