RIMS-WTW: Intellectual property supply chain risk warning

Corporates must take decisive action to mitigate intellectual property risks in their supply chains, according to attendees at the RIMS-WTW Risk Virtual Conference.

In a panel discussion on protecting IP in regional supply chains, risk professionals said corporates needed to take a proactive approach to protect themselves.

David Hill, regional director for risk & analytics at Willis Towers Watson, said companies needed to first get a full picture of their exposures.

“It’s absolutely imperative to understand what the exposures are, where the vulnerabilities are, what is the intellectual property that you’ve got to safeguard? What could potentially have a value for use or misuse by others?”

“It goes beyond trademarks, copyrights, trade secrets,” he added. “A lot of companies have problems because they underestimate what IP exposures are.”

He offered advice to attendees at the virtual conference.

“We encourage a very structured review to identify all of the IP assets that present vulnerabilities. The modes by which your proprietorship of that intellectual property could be compromised. Whether this is by recalcitrant staff, cyber hackers, dishonesty or other malfeasance within the supply chain and your supply chain partners.”

“So it’s absolutely essential to understand where those threats might be,” he added. “But we often see companies stumble, as they only have knowledge in one sector of the business. Today, IP spanned many different sections of the company.”

“Once these risks have been identified to a point that they can be analysed or understood in a business context, then they need to be incorporated into the monitoring and controls and into the business planning process. So that it becomes a regular ongoing review,” Hill added.

Monitor third parties

Iona Cheng, a director at Control Risks, also called for “objective and holistic assessments of risks and vulnerabilities”.

“Some companies tend to jump to conclusions too quickly. So it’s worth taking that step back and really looking at every part of your organisation and its operating environments,” she added.

Cheng said companies needed to be mindful about who they trusted with IP information and closely monitor ongoing and new third party supply chain relationships. 

“One of the areas we come back to is onboarding due diligence, and whether companies have processes for assessing their prospective suppliers or distributors before they’re on-boarded.”

Cheng said organisations needed to “trust but verify” third parties.

“Very often you get a response from commercial teams that they really trust their business partners. My advice is trust but verify. How can you go about making sure that it’s not just a box-ticking exercise?” Cheng added.