Industrial espionage: how companies can protect themselves

Industrial espionage and economic espionage

Even though the two terms are often used synonymously, industrial espionage and corporate espionage are two different things: while economic espionage is carried out by state actors such as foreign secret services, industrial espionage taps information from people who work for competing companies, for example to obtain information about technological developments or customer potential. Sometimes this is also referred to as “company spying”. But these boundaries can be fluid, for example when a company engaging in espionage has close ties to a particular state.

A study carried out at Tilburg University in the Netherlands in 2015 revealed that European companies are particularly vulnerable to industrial espionage, with 20% having suffered a breach. The UK, too, is a high priority target for all forms of espionage: as early as 2011, it was reported that UK businesses were losing £6.7bn per annum to industrial espionage - and the actual figure may have been considerably higher as this only covered cybercrime. Industrial espionage affects all sectors: however, a PwC survey in 2019 found that manufacturing, ICT, finance and insurance, and health and medical technology were most heavily impacted.    

Forms of industrial espionage

In principle, industrial espionage can be carried out in analogue or digital form. The main entry point is employees of the affected companies, who either consciously (such as for financial reward), or unconsciously reveal information, for instance when a relationship of trust has been established and they satisfy the competitors' need for information in seemingly casual conversations. Former employees can also violate confidentiality clauses in employment contracts and transfer information to their next employer, or use it for their own business purposes. Classic theft by competitors also plays a role.

Competing companies are also increasingly trying to obtain relevant information through IT attacks. Almost all computer systems are connected to the internet. As a result, a number of weak points can be attacked in order to gain access to sensitive data. Spies can also place malware in order to harm the competition. Lost smartphones, tablets or laptops can also constitute an entry point which can be used to crack entire company networks.
 

How you can protect yourself against industrial espionage

Business owners have several options to avert espionage threats from within their own company. Security aspects should be considered when choosing the technology and operating system for the computer infrastructure, as well as when selecting the internal means of communication used by employees. Security service providers and stakeholder organisations can help with this decision.

It’s equally important to regularly raise employee awareness of such risks. Training in data and information security should be essential in any company.

A few concrete measures to improve safety:
 

• Don't allow mobile phones during meetings dealing with sensitive content
• Don’t use wireless microphones for lectures or similar, as special scanners can eavesdrop on these from a range of hundreds of metres
• Don’t allow cleaning and technical service staff to work unsupervised in sensitive areas
• Protect technical communication centres, telecommunications and offices from unauthorised access
• Restrict access to company premises or specific offices
• Implement specific IT security measures that make attacks more difficult for hackers

Government safety initiatives

In 2023, the level of concern about the threat of industrial espionage, and in particular cybercrime, led to the founding of the National Protective Security Authority (NPSA), as part of MI5.  Three new offences (obtaining or disclosing protected information; obtaining or disclosing trade secrets; and assisting a foreign intelligence service) were included for the first time in the National Security Bill, which replaces the outdated Official Secrets Act of 1911. The NPSA has also provided advice for businesses on protecting themselves against threats. In addition, the National Cyber Security Centre has produced a series of guides for businesses of various sizes, as well as for individuals and the public sector, on preventing cybercrime.

A recent example of industrial espionage: DX and Tuffnells

In 2020, courier company Tuffnell Parcels Express launched a legal case against rival firm DX Group, accusing it of corporate espionage.  A Tuffnells traffic clerk was allegedly asked to leak confidential corporate information by a DX Group employee in exchange for a £50 payment from a delivery driver. While a settlement was eventually reached, and DX has not admitted liability, this incident has damaged the company’s reputation and its shares initially plummeted by 11% following the claim.