This is Matt Collins, Insider Threat Researcher at the CERT Insider Threat Center. In this post, I cover statistics related to a group of cases in the CERT Division's insider threat database related to the theft of intellectual property (IP).

The CERT database was started in 2001 and contains insider threat cases that can be categorized into one of four groupings:

1. Fraud
2. Sabotage
3. Theft of Intellectual Property (IP)
4. Miscellaneous

Today I'm discussing cases in our database that involve the theft of IP. As of the date of this post, we have 103 insider threat cases in the MERIT Database that include the theft of IP. (All statistics are reported as a percentage of the cases that had relevant information available.)

Insider theft of IP occurred most frequently in the Information Technology (35% of cases), Banking and Finance (13%), and Chemical (12%) industry sectors. (The industry sector was known in 101 of the 103 cases.)

The majority of insider IP theft incidents occurred onsite. (The attack location was known in 78 of the 103 cases.)

Trusted business partners accounted for over 17% of attackers (i.e., 98 of the 103 cases) and former employees accounted for 21%. (Employment status was known in 100 of the 103 cases .)

Over 30% of insider theft of IP cases were detected by non-technical means, while fewer than 6% cases were detected by a software solution.

The financial impact of these attacks is substantial. The impact was over $1,000,000 USD in 48% of cases and over $100,000 in 71% of insider theft of IP cases. (Financial impact was known in 35 of the 103 cases.)

For additional information and more in-depth analysis of the insider threat cases involving the theft of IP with foreign beneficiaries, please see our report Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations.

In addition to the theft of intellectual property, the CERT Insider Threat Center has conducted studies of other insider threat cases, including insider fraud in the U.S. financial services sector and potential patterns of insider threat cases involving sabotage.

As always, if you have questions or comments for the CERT Insider Threat Center, we would be happy to hear from you. Please contact us at insider-threat-feedback@cert.org.