P&C Technosavvy the September 2023 issue

Protecting Trade Secrets 

Q&A with Mary Guzman, Founder and CEO, Crown Jewel Insurance
By Michael Fitzpatrick Posted on August 30, 2023
Q
There may be a lot of misconceptions, so what is and isn’t a trade secret?
A

A trade secret can be just about anything in terms of an innovation as long as it meets some criteria. Generally, it has to be developed by your organization and owned by you. It has to be not known in the field. It has to be something you put reasonable measures around to keep secret. It has to be difficult to reverse engineer, and it has to have intrinsic value, actual or potential. Typically, it must be generating revenue for your organization (or projected to do so in the future), driving your sales strategy forward, or something that is a competitive differentiator.

A trade secret could also be something that saves the organization a lot of money as an efficiency play. If you develop a manufacturing process that generates a lot less waste, that can still be a trade secret. It could be a business process, a financial algorithm, a recipe, a chemical formula, a design; any of those things can be trade secrets.

Q
Don’t patents cover these assets?
A

A trade secret by definition is not a patent. Trade secrets are the “unregistered” IP assets, unlike patents, which are publicly granted exclusive use but the specifics around what that technology does is disclosed and available for all to see (and copy if they are prepared to defend themselves, as many large organizations are). Rather, the trade secrets are valuable partly because they are not registered, therefore “secret.” That’s where a lot of the confusion lies.

A trade secret could be something many organizations would consider patenting as they may originate in R&D or engineering, though some trade secrets lie in other parts of the company, like sales and supply chain. Trade secrets retain their protection as long as they are still valuable and still secret. Generally, if an innovation can be easily reverse-engineered once it is in the public domain (when sold or used outside the company), then it will not hold its trade secret status and should therefore be considered for patent.

A strategic discussion should occur at every company, and I’m quite convinced it isn’t. The only way to enforce that patent if someone steals/infringes on those rights is to litigate for patent infringement, which is expensive and not always successful. And patents can be very expensive to register and maintain. A previously granted patent can be overturned on appeal. In other words, patents are not the answer for every invention.

On the trade secret side, there is the Defend Trade Secrets Act (DTSA) (in addition to state statutes) that gives a lot of robust protection, including injunctions, ex parte seizure, potentially exemplary damages and attorneys fees—and even criminal elements including jail time and RICO violations—if they are misappropriated by parties knowingly breaking the law.

Cyber policies do, in fact, cover corporate confidential information, including trade secrets as a digital asset; however, the policy will only pay the cost to recreate data and will not cover the potential future value of any asset nor the value of the lost time and resources you spent to develop the intellectual property.
Q
Which industries are most at risk?
A
The industries you would automatically think about as highly innovative—most of the critical infrastructure industries, including biotech, pharmaceutical, chemical companies, manufacturers, anything with the word “tech” on the back end, (fintech, agtech, insurtech, etc.) and some of the newer industries around machine learning and artificial intelligence, cryptocurrency, electric vehicles, cannabis and green energy. Defense contractors are really high risk. In fact, few industries don’t have a significant trade secret exposure.
Q
How big of a problem is theft and misappropriation?
A
It’s absolutely huge. Depending upon which statistics you read, it’s a trillion-dollar problem. Most trade secret theft is done by former employees or other insiders, but foreign adversaries are after our new technology in a big way. There have been several individual claims that have hit the multibillion-dollar number over the last few years. Ninety percent of the assets in the S&P 500 are now intangible assets. We made some assumptions that 10% to 15% of those are probably trade secrets or could qualify as trade secrets. It’s trillions of dollars in valuable innovation assets that are completely uninsured right now.
Q
Why is trade secret risk management a critical issue today?
A

There are a couple of things that are really driving it. One is the sheer volume, speed of change, and value of the assets that drive the competitive advantage for most companies. It’s kind of crazy to think that organizations don’t have a lot more people dedicated to identifying, valuing and protecting these assets.

Two, there is a proposed Federal Trade Commission ban on non-compete agreements. On the state level, we are starting to see more bans on non-competes. A lot of companies have relied heavily on using the hard hammer of these restrictive covenants to go after anybody who leaves and takes any confidential information, arguing that all confidential information is a trade secret (which is not true). If non-competes go away, organizations will have to be a lot more thoughtful about how they craft their protections from former employees. It can still be done.

Some state laws require you to identify with specificity your trade secrets before you can initiate discovery when accusing another party of misappropriation. It is becoming harder to go to a court and just say, “Everything in our toolbox that’s confidential is a trade secret, and can you give us three years to prove it.” A lot of claims are getting dismissed now on the basis that the potential plaintiff has not properly identified a trade secret while alleging that it has been stolen.

Three, directors and officers are going to be held personally responsible, via securities or derivative claims or regulatory action, for the failure to identify, value and mitigate their trade secret misappropriation risk, including potentially insuring them. We’ve seen that type of development in cyber, and we have the exact same exposure here; however, I believe a trade secret misappropriation claim of a “crown jewel” asset could result in a much more devastating drop in stock price, damage to the brand, and decrease in the overall value of the company than theft of PII [personal identifiable information] or business interruption loss. That’s because, once a trade secret is no longer a trade secret, it forever loses its protection as a unique competitive advantage.

Similarly, today VC and PE firms investing in portfolio companies largely for their innovation assets have no protection if those assets walk out the door. Trade secret insurance is the catalyst for changing that.
Q
Has insurance traditionally covered any of the risk?
A

Other than the product we rolled out, which is called Crown Jewel Protector, we are certain that there really is no other first-party trade secret insurance available.

Cyber policies do, in fact, cover corporate confidential information, including trade secrets as a digital asset; however, the policy will only pay the cost to recreate data and will not cover the potential future value of any asset nor the value of the lost time and resources you spent to develop the intellectual property. There is real value in all the money you spent making all the wrong turns during R&D, called “negative know-how.”

In the intellectual property market, 90% of the policies that exist today are third-party liability policies, meaning they cover your company if you have allegedly infringed on someone else’s intellectual property. There are a few enforcement policies out there that will just pay to fund litigation against the third party.

Q
How does Crown Jewel insure the risk?
A
First the client has to go through a robust due diligence process where we give them a blockchain software platform to identify just the meta data around the assets they believe are trade secrets. It asks them several questions to determine whether or not each asset meets the criteria to be a “trade secret,” and this documentation becomes critical evidence that will help us and the insured if we ever need to assert our rights around a covered asset. We also look at their IT and physical security and legal protections, like hiring and firing and training around trade secrets and whether they have proper non-competes or non-disclosure agreements in place. Once we determine the client has an insurable trade secret, we then insure the asset based on a pre-agreed value.
Directors and officers are going to be held personally responsible, via securities or derivative claims or regulatory action, for the failure to identify, value and mitigate their trade secret misappropriation risk, including potentially insuring them.
Q
How does the policy work?
A

If there is a suspected misappropriation event, the insured is assigned a trade secret attorney to help them in their response and recovery efforts. That attorney can initiate a forensic investigation to determine the source and scope of the “breach” or the misappropriation event.

From that standpoint it’s a lot like a cyber policy, but instead of paying for breach response expenses and credit monitoring, this policy instead pays for a team of professionals to try to go get the trade secret back before it’s too late, including the grant of a restraining order.

If we’re not successful at the recovery stage, then we pay the pre-agreed fair market value, just like a property insurance policy would pay if a building blew over in a windstorm. There are a few exceptions to this. Now we subrogate, presumably, meaning we become the plaintiff in seeking damages against the misappropriating party. At this stage, we’ve already got most of the evidence we need, which has been the biggest time and expense issue for victims of theft up until now. Crown Jewel Protector will dramatically reduce the average cost of $4.1 million and 2.7 years to trial because of the process we’ve developed. The DTSA provides unusually robust protection here, granting the recovery of multiple damages plus the recovery of attorneys fees if there is egregious behavior shown. If we’re successful and there is some overage over and above what we’ve already paid the insured, then there is the potential opportunity for them to get some of that money back, even over and above the limit that they purchased.

Q
How robust is the market right now?
A

It’s a whole new industry vertical where we are the first mover. We know it’s going to take a lot of capacity to address this kind of exposure in the market because there are trillions of dollars in uninsured assets in the S&P 500 alone. In the 2023 Aon Transformative Trends Report, it says the new IP market will be an estimated $20 billion in premium by 2030. They picked that as one of the three big growth areas in all of insurance.

One other huge benefit is that this will create a whole new ecosystem for the monetization of trade secret assets. Most companies have these assets sitting right under their noses already; they just don’t know how valuable they are. Having insurance proceeds behind the value of trade secrets as the key asset would allow the deployment of funds (from lenders) to companies that otherwise do not have valuable tangible assets that could be used as collateral to qualify for this type of financing. Our insurance could actually prevent or mitigate loan default because we are now covering a significant “hazard” risk that could cause a default. Similarly, today VC and PE firms investing in portfolio companies largely for their innovation assets have no protection if those assets walk out the door. Trade secret insurance is the catalyst for changing that.

Michael Fitzpatrick Technology Editor Read More

More in P&C

Council Q3 2024 P/C Market Survey Results
P&C Council Q3 2024 P/C Market Survey Results
More premium increase moderation, but umbrella sees effects of social inflation....
P&C Weathering Cyber Storms
Q&A with Joshua Motta, CEO and Co-Founder, Coalition
Certified Cybersecurity
P&C Certified Cybersecurity
HITRUST certification can give small to medium-sized businesses peace of mind th...