know-how protection – corporate protection – security concept
An unintended drain of information can threaten a company's existence. Innovation leaders in particular are exposed to a notably high risk. Companies are threatened from several directions: disloyal staff (who, according to statistics, account for 60 percent of the offenders), criminal organizations, and espionage by competitors or foreign secret services. The information society in which we currently live offers the best conditions for skimming information in the private sector. One aspect of this threat is skimming at fairs and exhibitions, for example, by staff, translators or delegations. Another aspect concerns violations of legal and moral codes. In addition, employees' private social media and internet activity is a source of harm; for example, a notable percentage of staff browse web 4.0 pages to exchange views on business content. Employees also use corporate web-based e-mail for private purposes on a large scale. Confidential information is also skimmed through “virtual gates” (IT weaknesses), or is used by third parties not identified as potential threats, such as IT service providers or camouflage companies acting as service providers and providers of authentication and encryption. In many cases of damage, no one even asks about the causes.
Another risk, one that is largely unknown, results from files kept by public authorities. Many companies that require public authorizations are asked to provide detailed business information. Freedom of information acts (Informationsfreiheitsgesetze) enable anyone (!) to access public files, which may also be exploited for espionage purposes.
Another major threat is espionage by competitors. An entire industry has emerged that makes a living from producing, selling and implementing solutions for espionage or hacking. The risk of being spied on is therefore not a mere horror scenario spread by the media, but sad reality. However, these invisible hazards often remain underestimated or ignored. Many companies still lack awareness and understanding of their digital assets. Because the direct financial impact of losing such assets often does not become visible immediately, the damage linked to such events seems to be nonexistent. A risky perspective. However, becoming aware of these aspects may help to limit both panic and resignation.
An e-mail does not even have to leave the corporate network to ruin a reputation, a career, a share price or a company's future. Merely sending content to the wrong addressee within the organization itself may result in a catastrophe. Loss of information caused by intentional or unintentional violations of security rules, or by rules that do not prevent unauthorized access to confidential information strictly enough, is becoming a steadily growing problem. The latter especially affects confidential business information, personal information on clients and customers and, last but not least, intellectual property (e.g. source code).
Protecting sensitive information against loss of confidentiality and against manipulation is a demanding, complex task that is highly specific to each company. This already follows from the broad variety of information worth protecting (e.g. know-how lead, recipes, construction data, pilot project data, sensitive data on partners, strategies and commercial information). The security concept required to protect all that data properly therefore has to consider not only technical, but also organizational and personal aspects, because security is not a merely technical challenge, but an organizational and psychological one.