The U.S. Chamber of Commerce estimates U.S. businesses lose $180 billion to $450 billion annually due to trade secret theft. But when it comes to corporate security, companies often underestimate the risk posed by insider threats because they can be difficult to detect, are undervalued when compared to other threats, and are frequently carried out by trusted insiders.

Unlike obvious physical thefts or cyberattacks, the theft of trade secrets can occur gradually and with the use of authorized hands, making it harder to recognize suspicious activity. That’s the scary part: Insider threats are not limited to unknown thieves and well-trained, state-sponsored spies—they include negligent employees, compromised insiders, and third-party vendors whose access is poorly governed.

In addition, organizations sometimes fail to clearly identify or classify what qualifies as a trade secret, which leads to weaker protection and monitoring. Cultural factors can also play a role, resulting in managers hesitating to suspect loyal employees or investigate internal conduct.

When employees lose their jobs—particularly during sudden or poorly communicated workforce reductions—some experience resentment, financial stress, or a sense of injustice. These factors can increase the likelihood of negligent or malicious actions involving sensitive company assets.

Unfortunately, in 2025, U.S. companies laid off at least 1.17 million employees, including 127,000 tech workers. Many of these layoffs stemmed from concentrated mergers in the advertising and media, automotive, financial services, logistics and supply chain, and technology sectors. There is a heightened risk of insider threat in these sectors because employees often have access to sensitive intellectual property, proprietary algorithms, or customer data.

A mature, robust line of defense against witting and unwitting adversaries will reflect the intersection of human behavior, operational design, and governance failures. Without strong insider threat programs, companies may overlook warning signs until they discover that significant intellectual property or competitive advantage have already been lost.

Why Insider Threats Are Increasing

A significant reason why the theft of trade secrets will compete with security is basic economics. The bad actors who benefit from the stolen secrets know it is cheaper to steal another company’s data, formulas, manufacturing techniques, personally identifiable information, research and development, or source code instead of funding the work and effort themselves. Simply put, competitive pressure between companies also raises the financial value of trade secrets. Famous examples in the private sector involved secrets held by Avery Dennison, Boeing, Coca-Cola, Gillette, and RAPCO.

Recently, several converging trends have amplified the risk, including complex supply chains, data rich operations, and cultural and organizational stressors. However, two other notable trends are worth analyzing.

Artificial intelligence (AI). The world’s obsession with AI has fueled a growing risk, primarily because employees may unknowingly expose sensitive information when using AI tools to complete their work. AI systems require users to input data, documents, code, or descriptions of internal processes to generate responses or solutions. When employees input proprietary information—such as product designs, source code, business strategies, or research data—into an external AI platform, that information may be stored, processed, or used to train models, potentially exposing trade secrets outside the company’s oversight and control.

Workers who rely heavily on AI for efficiency may be less cautious about the information they share, especially if they believe AI tools to be harmless. The convenience and speed offered by AI may result in employees uploading entire documents or datasets without fully considering security implications.

Hybrid work environments. Another risk that often goes unchecked is a hybrid work environment. Before the COVID-19 pandemic sent millions of office workers home in March 2020, the risks were present although arguably manageable.

However, the risk is significant today because companies have expanded access points to sensitive information while reducing oversight of how that information is handled. Remote workers rely on personal networks, personal devices, or cloud-based collaboration tools to access company systems. Without the appropriate protections, this type of environment makes it easier for proprietary data to be copied, downloaded, or shared without detection. Reduced face-to-face supervision can also make it harder for organizations to notice behavioral warning signs.

Predictable Behaviors

When looking for risk from within an organization, the National Insider Threat Task Force model focuses on identifying abnormal human behaviors before damage occurs. Failure to spot anomalous activity ahead of time can be costly, such as when a company hires key employees from a competitor and uses them to provide company secrets.

For example, when China-based Hytera began recruiting and hiring Motorola employees in 2006, Hytera also directed the new hires to take proprietary and trade secret information without authorization. Hytera engineers used the stolen information, including source code, to develop products at a fraction of the cost that it took Motorola to develop the exclusive technology—and then competed with Motorola in the digital radio market through 2020.

In subsequent legal action, one judge found that Hytera, which pled guilty to a federal charge of conspiracy to steal trade secrets, caused Motorola to lose $214 million in profits, although the victim corporation had to pay millions in legal fees to pursue Hytera civilly and criminally. (United States v. Hytera Communications Corporation Ltd, U.S. District Court for the Northern District of Illinois, No. 20-cr-00688, 2026)

Spy hunters know that throughout history, people who betrayed their privileged access have done so for at least one of five reasons: compromise, revenge, ideology, money, or ego. These emerge from predicable human patterns, including stress, perceived injustice, unclear role boundaries, poor communication, or a culture that prioritizes convenience over controls. This is why insider threats are fundamentally a governance and risk management problem, not just a security one.

Motivations. Insiders may steal trade secrets or betray their access due to several different motivations, often tied to personal circumstances or psychological drivers.

Compromise occurs when an employee is pressured or coerced by another party—such as a competitor or criminal organization—to provide confidential information. Revenge can motivate someone who feels wronged by the employer, perhaps due to perceived unfair treatment, termination, or lack of recognition.

Ideology—the most overlooked motive—involves insiders who believe their actions serve a greater cause or moral principle, such as exposing practices they consider unethical. Money is a common driver, involving an employee selling trade secrets to competitors or foreign entities in exchange for financial gain. Finally, ego as a motive involves an individual taking sensitive information to prove his or her value, gain recognition, or demonstrate power or superiority. The inside actor may even believe he or she deserves the information or credit associated with it.

Most cases involve more than one motive—for instance, when an executive is passed over for a major promotion. As the dejected executive plots a damaging exit, the motives will likely include revenge, ideology, money, and ego. In anticipation of such situations, the information security and corporate security departments should be engaged to monitor all logical access before major promotions are announced. This is justified because of the coupling of the problem, the solution, and risk management.

Mitigation. To reduce the risk presented by insiders, such as the chance of sensitive information leaving with departing employees, there are four opportunities to be aware of.

First, organizations should use legal safeguards, such as nondisclosure agreements, confidentiality agreements, and, when appropriate, noncompete or nonsolicitation agreements. These safeguards clearly define what constitutes a trade secret and legally prohibit employees from sharing that information with competitors. Conducting exit interviews and reminding departing employees of their continuing obligations to protect confidential information can also reinforce these protections.

Second, companies should implement technical and access controls. Limiting access to trade secrets through the principle of least privilege ensures employees have access only to the information for their roles.

Third, organizations should also establish strong trade secret management practices, including clearly identifying and classifying proprietary information. When trade secrets are documented and labeled as confidential, it becomes easier to protect them legally and technically.

Fourth and finally, companies should build a security focused culture where employees understand the value of intellectual property and the importance of protecting it.

Detection and Prevention

In risk management, companies evaluate potential vulnerabilities that could harm their assets, including intellectual property, proprietary data, or trade secrets. Understanding why employees steal trade secrets helps identify, assess, and mitigate insider threats.

The motivations of compromise, revenge, ideology, money, and ego represent key insider threat risk factors. By recognizing these motivations, organizations can implement targeted controls, such as employee vetting, monitoring for unusual data access, enforcing least-privilege access, providing clear reporting channels for grievances, and strengthening security awareness programs. Risk management frameworks use this understanding to anticipate potential insider threats, reduce the likelihood of trade secret theft, and minimize the impact if a breach occurs, ultimately protecting the organization’s competitive advantage and sensitive information.

In its report Insider Threats—Effective Controls and Practices, the Financial Industry Regulatory Authority highlights that dissatisfaction, turnover, and workforce reductions increase the risk of insider threats and must be monitored as part of a behavioral risk program. An efficient and effective insider threat program is a coordinated effort that requires assistance from several departments—led by security, HR, and legal, and supported by IT, compliance, and executive leadership.

A strong insider threat program is tested regularly and meets or exceeds best business practices with access governance, behavioral monitoring, training and culture, vendor management, and incident response. Strategically, the companies that hold the line demonstrate good leadership and communication. Root cause analyses of victim companies’ postmortems usually find evidence of a lack of controls, lack of oversight, poor leadership, and minimal communication on point.

Insider threat programs are not optional for certain industries, such as defense contractors, healthcare, finance, and critical infrastructure. Given the sensitivity or necessity of the work involved, each of these sectors falls under the regulation of government agencies. Security leaders outside of these areas are highly encouraged to look to these programs and adopt the strictest compliance framework that the C-suite and board will approve and fund. Areas of focus can include duty of care obligations, data protection statutes, premise liability, contractual risk allocations, and board level oversight.

For example, look at the healthcare industry, which prioritizes the protection of patients’ health information. The strict regulations, layered security controls, and formal data governance processes applied to this sector can help other organizations better protect trade secrets.

Most of us have heard of the U.S. Health Insurance Portability and Accountability Act (HIPAA), the federal law that requires organizations to safeguard patient data through administrative, technical, and physical controls. These controls include data classification, role-based access controls, encryption, audit logs, employee training, and strict policies on how sensitive information is stored, accessed, and shared. Healthcare organizations also regularly conduct risk assessments and compliance audits to ensure protected health information is not improperly accessed or disclosed. Employees are trained to understand what constitutes sensitive information and the consequences of mishandling it.

If security leaders believe these same principles can be applied to protecting trade secrets, it’s worth asking, “How good is your trade secret program compared to the program the nearby hospital uses to protect patient data?” Security leaders looking to improve this part of a security program should begin by adopting similar governance frameworks.

Shedding Suspicion

When it comes to tackling insider threats, culture is the first line of defense. Security leaders can build and strengthen a culture of security—especially around protecting trade secrets—by building awareness, aligning security with business goals, and fostering a culture of shared responsibility rather than suspicion.

One of the biggest barriers is the belief that security measures imply a lack of trust in employees. To address this, leaders should clearly communicate that the protection of trade secrets is about protecting the company’s competitiveness, jobs, and innovation, not about monitoring individuals. Regular training and awareness programs can help employees understand what qualifies as a trade secret, why it is valuable, and how accidental or intentional disclosure can harm the organization.

Accordingly, security leaders must seek a strict framework through policies and standards, conduct threat assessments, use awareness campaigns to unlock two-way communications with employees, proactively investigate when behavioral patterns raise red or yellow flags, and partner with HR, legal, and IT. Leaders must also test insider programs with tabletop exercises and orange team deployments.

Security professionals should strive to position themselves as the leader who can see around corners to leverage everything from AI to common sense to meeting the reasonable measures standard, keeping their organization’s assets safe and secure. So, whether it’s a third-party thief or a trusted insider who breaches a company’s trust to steal a proprietary asset or otherwise inflict damage, your safeguards will assist prosecutors and lawyers to pursue justice criminally and civilly.

Thomas R. Stutler, CPP, is a senior executive with extensive global leadership experience in security, health and safety, real estate, investigations, and risk management. He has led large-scale operations for major organizations including Cadillac Fairview, Finastra, Raymond James, and the FBI. A licensed attorney and certified security professional, he offers legal, operational, and strategic expertise to highly regulated and fast-paced industries.

 

MOST POPULAR ARTICLES

1. From ‘Send Me the Video’ to Governance: How Privacy Makes Security Systems Defensible

2. Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

3. 3 Tools Providing Privacy Protections in Video Systems