While loss of intellectual property and critical information (IPCI) is costly to the country as a whole – $300 billion a year – it affects different size companies differently. For small companies, who have never thought about the threat of competitive intelligence, economic espionage, or theft, and never heard of OPSEC, the likelihood is that they will simply go out of business, with no clue as to why they went bust.
With large companies, they will simply eat the losses. As one CFO said at IPCI 2007, “If you tell me I can save $50,000 in insurance costs this quarter by implementing an OPSEC program I am interested. If you tell me I will increase revenues by $75 million next quarter I don’t care: It is simply not on my radar screen.” Or, as a senior manager of another corporation put it, “So I lose $50 or $100 million, or have to close a division, why would I care? I am a $35 billion corporation, and it is simply not material.”
Startups, on the other hand are extremely vulnerable, since virtually all that they have is IPCI. This is an increasing issue for venture capital firms: Pouring money into funding a good idea is prudent. Pouring money into letting someone else benefit from your investment is less prudent.
If you are involved in startups, building an OPSEC program in from the very beginning will help assure that the value of the startup’s IPCI is held for your benefit, not the benefit of those who practice competitive intelligence, economic espionage, and theft.