Corporate espionage the elephant in the board room

Corporate espionage may be running amok in North America, but nobody knows for certain how deep the problem goes because it's something businesses rarely report, experts say.

The issue was thrust into the public spotlight last week when WestJet Airlines settled a corporate espionage suit launched by Air Canada, now a unit of ACE Aviation Holdings Inc., by pledging to pay $5.5 million to its rival for legal fees and donating $10 million to charity.

WestJet acknowledged its senior executives were involved in a cyber-scheme that used secret passwords belonging to a former Air Canada employee to access confidential information from its rival. WestJet apologized to Air Canada for the "unethical" and "unacceptable" practice.

Richard Powers, assistant dean for the Rotman School of Management at the University of Toronto, said it's difficult to determine how often incidents of corporate espionage occur.

Most firms don't want to publicly admit they've been compromised, he said.
"If you admit something and go after somebody, first you admit you were vulnerable and secondly, you become a target for someone else to target and try to compromise your system, so by acknowledging that it's happened you in effect become a target," Powers said.

According to PricewaterhouseCoopers, electronic attacks result in billions of dollars in economic damage each year, and the problem continues to grow.

In the United States, the Computer Security Institute's 2005 Computer Crime and Security Survey found unauthorized access of information increased significantly last year.

Losses due to unauthorized access to information averaged $303,234 US per survey respondent in 2005, compared to $51,545 per respondent the previous year.
Theft of proprietary information also rose, with the average loss per respondent hitting $355,552 in 2005 compared to $168,529 in 2004.

The survey's loss numbers are on the rise, but Robert Richardson, the institute's editorial director, concurs there's no accurate picture of just how rampant corporate espionage is.

"A lot of companies are more interested in shutting down the leak than they are trying to go after whoever has perpetrated the crime, and in some cases it may be hard to prove the crime," Richardson said.

One of the survey questions asks respondents why they didn't report incidents of espionage to authorities.

"The winning answer, by far, is 'we thought the publicity would hurt us, and it would hurt us vis-a-vis our competitors,' " Richardson said.

Richardson said corporate espionage happens because companies are wary of what their competitors are going to do, especially with new products and new pricing structures.
The information targeted has to do with when the new product is going to launch, what kind of a price point it will have and how best to react to it.

Richard Austin, chief legal counsel for EDS Canada Inc., a global technology services firm, notes technology like iPods, camera phones and memory sticks has increased the potential and the ability to misappropriate large amounts of information. Businesses need to take safeguards, including iron-clad policy and procedures, he said.

"When we have the ability to photograph information in an office by pushing a button on your cellphone, do you have a policy saying, 'we don't allow camera phones in our office?'" he asked.

The Edmonton Journal