Five Eyes release the Five Principles to Secure Innovation

More than ever before, the world is seeing a rapid growth in emerging and innovative technologies. New Zealand is no exception – with the continued development of new technology being critical to the country’s economic growth, the need for businesses to secure this innovation is vital. So much so, that the Five Eyes intelligence alliance recently met in public for the first time to warn the private sector about the growing threat of industrial espionage.

Broadly defined, industrial espionage is a form of corporate spying by business competitors or foreign states, for the purpose of stealing or copying valuable information to gain a commercial (or political) advantage. ‘Valuable information’ will usually include intellectual property, trade secrets, and technology. These forms of espionage are seen most often within the technology sector (given the substantial cost required for research and development). However this risk extends to all businesses that create new and innovative products and services. It can result in the exploitation of key assets and the loss of a business’ commercial value.

This issue was the focus of the Five Eyes alliance’s meeting in October 2023, when all five members (comprised of intelligence agency leaders from Australia, Canada, New Zealand, the United Kingdom and the United States) attended the 2023 Emerging Threats, Innovation and Security summit in Silicon Valley. During the summit, the alliance met with private sector leaders across all five countries to discuss the sharp rise in industrial espionage attempts.

In response to the heightened concern, Five Eyes has now released the “Five Principles to Secure Innovation” – described in a statement as “jointly bolstering security across our five nations by offering practical steps organisations can take to keep themselves safe”.  While particularly relevant to technology businesses, these guidelines are important for all New Zealand business sectors to recognise and understand.

Briefly, the principles are:

Know the Threats

It is important for businesses to be aware of the methods state-backed and hostile actors implement to obtain and utilise an organisation’s technology and intellectual property. For instance: cyber-attacks; using or coercing a business insider; physically stealing information or technology; and intercepting supply chains, are all illegal methods that are used to carry out industrial espionage.

Secure your Environment

To strengthen security against industrial espionage, organisations will need to establish effective systems for security risk management, in particular:

• Ownership: Appoint a senior member of the company (i.e., at board level) to keep security decisions at the forefront of the business.
• Identification: Identify the key areas of innovation and protection for your business, and the areas where there is the greatest risk of exposure.
• Analysis: Carry out security assessments alongside any other risks to your business on a regular basis.
• Mitigation: Ensure that your business’ malware and technological security software is up to date, and that proper processes are in place to ensure that all employees are alert to the risks – and know how to react when a possible risk presents itself.

Secure your Products

Build security into your products and services right from the start, and actively protect and manage your intellectual property assets. This can be done through legal methods of protection, for example, registering trade marks, patents, or designs. Businesses should also ensure that unregistered rights such as trade secrets and copyright works are identified and protected (computer code, business processes etc) through the security measures discussed above. Legally protecting and managing your intellectual property assets is key to maintaining the commercial value of your organisation’s innovation.

Secure your Partnerships

Manage the risks that partnerships with investors, suppliers, and other collaborators can bring. Particularly for start-ups, it is important to take a cautious approach when sharing your organisation’s information with potential and existing investors, and commercial partners.

Prior to sharing any information with new investors, ensure that a robust contractual agreement (such as a non-disclosure agreement) is in place to protect your business’ key assets and information. Also consider conducting background checks and due diligence on all external investors, suppliers and partners before initiating any discussion. Get legal advice on any commercial agreement to ensure your interests are appropriately protected.

Secure your Growth

As your business grows into new / international markets, ensure that security risks are identified and managed effectively.

When entering international markets, consider specific risks to your assets in relation to some overseas jurisdictions (for example, export controls and travel security risks).

When expanding your workforce, also consider conducting pre-employment checks and screening, as well as continuing to upskill and train employees on the risks of industrial espionage and keeping information secure.

If you have any questions or would like to discuss how to secure your organisation’s information, technology or intellectual property, please get in touch with one of our experts.

‍

‍