Trading in information is by no means a new phenomenon. The murky underworld of corporate espionage has long been a staple of novel writers and TV dramatists. But rarely has the corporate community freely acknowledged its existence, or indeed the prevalence of a more prosaic ‘leakage’ of information from organisations – public and private – that sees customer credit card details passed to criminals, customer lists and product designs sold to rivals and individuals’ identity details exposed on websites.

As Information Age learnt while researching this month’s cover story, the growing scale of such data breaches has propelled many enterprises into a state of introspection. In recent months, for example, one of the major mortgage lenders has become, in the words of one senior manager, “absolutely paranoid” about data protection, following a recent incident in which print outs of highly private customer information was found languishing in a waste paper bin.

The alarming ease and indeed innocence with which such incidents continue to occur, even in the most meticulous, process-driven organisations, attests to the magnitude of the data leakage problem. But it also attests to an uncomfortable truth: the greatest threat to an organisation’s data security lies, more often than not, not with hackers or industrial spies but within the confines of the firewall in the form of its own personnel, be they ill-intentioned or careless. 

This is a deeply problematic proposition. After all, says Dawn Cappelli, senior technical researcher at Carnegie Mellon Engineering Institute’s Computer Emergency Response Team, “you have to trust your staff”, not only to be honest, but to be conscientious. Reconciling this operational necessity with the ongoing requirement to protect an organisation’s most precious assets – its intellectual property (IP) and the customer and partner data it gathers – is not easy.

Equally, however, the costs associated with failing to protect such data could bring far worse: just ask chemicals giant DuPont. Over recent months, it has emerged that a long-serving employee of the organisation stole IP relating to scientific research, the value of which DuPont put at $400 million. Another headline-grabbing incident came in July when a confidential 780-page technical design dossier belonging to the Ferrari Formula One team was found at the home of the chief designer for rival Formula One team, Vodafone McLaren Mercedes.

When assets of that value can leak out – and it is rare for companies to even know when that happens – careers, jobs, pensions, investments, whole companies are all at risk.