Theft of Intellectual Property

Amid substantial workforce layoffs

What is intellectual property?

Intellectual property (IP) can be defined as property, such as an idea, invention, or process that derives from the work of the mind or intellect1. IP can be patents, copyrights, trademarks, trade secrets, or specific work product. Each company has its own definition of IP. A company specializing in software development may consider source code to be IP, a company specializing in marketing may consider their contact lists to be IP, whereas a company specializing in consulting services may consider templates for various tasks to be IP.

Key triggers present in intellectual property theft

Human factors (e.g., entitlement, disgruntlement, etc.) combined with environmental factors (e.g., layoffs, job opportunities) can trigger pillars of the key fraud theories, the Fraud Triangle and the Fraud Diamond. The Fraud Triangle Theory is based on the idea that when pressure, rationalization, and opportunity are present, a person is more likely to commit fraud. The Fraud Diamond expanded that theory by incorporating human capability. Capability refers to someone having the necessary traits, skills and abilities to commit theft or fraud. It’s how the fraudster not only recognizes a particular fraud opportunity but turns it into reality3 . In recent news, companies in the tech space are laying off large numbers of employees which can trigger an environment where IP theft can occur. 

Theft of intellectual property

IP theft may be intentional (e.g., malicious insider or threat actor) or accidental (e.g., human error). An example of intentional theft could be an employee copying source code or taking a company client list or pricing sheet to leverage at a competitor. An example of accidental theft could stem from an employee uploading a sensitive file to an unauthorized public cloud storage website. 

Many companies have intellectual property policies that consider employee work product property of the company and not the creator(s). However, there are many examples where adherence to the policy does not happen, or the employee simply chose to ignore the policy. Below are five leading practices to minimize IP theft. 

Leading Practices

  • Properly classify IP so that appropriate steps are taken to identify and protect said intellectual property.
  • Develop and refine employee policies to make sure they outline acceptable (and unacceptable) uses of company data, as well as define company IP and other data classifications. 
  • Provide annual training to all employees that covers data classifications, acceptable/unacceptable use, and disciplinary actions should policies not be followed. 
  • Leverage DLP and other logging solutions to capture, monitor, log, review, and respond to suspicious activities. Determine that all the relevant data (e.g., logs, emails, etc.) are captured and properly retained to assist in defensible investigations. 
  • Develop a robust HR employee departure procedure that triggers additional preventative and detective use cases and preservation/logging upon employee departure notices. This will help confirm that all of the user’s assigned assets were returned, and that the physical and system access permissions are revoked. In some situations, terminated employees should have access revoked directly before the termination meeting and be escorted out of the building to best safeguard company data.

How can KPMG help?

KPMG has experience helping organizations proactively manage the risks associated with, as well as respond and recover to incidents of IP theft. From a preventative standpoint, KPMG has deep experience with assessing and maturing cyber programs from a Governance, Risk and Compliance (GRC), Identity and Access Management (IAM), Insider Threat and Data Loss prevention (DLP) standpoint; all of which contributes to the mitigation of IP theft risks.

KPMG has conducted digital forensic investigations related to IP theft cases to help companies and their outside counsel determine the scope of data removed from the company, how it was taken, and have helped prepare reporting and testimony to support civil litigation and criminal actions. In situations where IP theft is identified, KPMG can assist with defensible data deletion support to remove the sensitive information from systems.


  1.   Merriam-Webster, “Intellectual Property”, (November 17, 2022).
  2.   Association of Certified Fraud Examiners, “Fraud 101: What is Fraud?”, (November 17, 2022).
  3.   ACFE Insights, “How Fraudsters Exploit the Capabilities of Contract Employees to Conduct Their Schemes”, (November 17, 2022).

Blog Authors

Blog authored by: Tony DeSarro, Dennis Labossiere, and Joe Mazzella

Contact us

Jonathan Fairtlough

Jonathan Fairtlough

Principal, Advisory, Cyber Security Services, KPMG US

+1 213-972-4000
Anthony DeSarro

Anthony DeSarro

Director, Advisory, KPMG US

+1 404-979-2291