The biggest threat to your company’s intellectual property (IP) is most probably lurking within. A recent 2025 Ponemon Institute survey of 349 organisations globally found that 80 percent of security incidents came from internal sources, with more than half or 55 percent, due to employee negligence, and a quarter resulting from malicious intent.
CIOs and CSOs take heed: even as new technologies bring new challenges, the most dangerous breach may still come from someone with a company ID badge.
Early intervention and sustained vigilance are the only real defences against the high cost of employee-driven IP theft. The responsibility lies squarely with employers to implement strong technical, procedural and legal internal safeguards.
Failure to do so can lead to costly and long-drawn court battles.
One of the best illustrations in Singapore is the recent case of Koh Keng Leong Terence v Zhang Changjie [2023] SGMC 96, an errant ex-employee named Zhang Changjie who stole thousands of his then-employer’s files containing proprietary data and confidential information. It took the company, Genk Capital, five years to secure a criminal conviction against Zhang for an offence under the Singapore Computer Misuse Act.
To protect their organisations from intellectual property (IP) theft, here are five things every CIO or CSO should bear in mind.
#1: USB blocking alone won’t stop data leaks
Blocking USB ports is a good first step – it stops employees from plugging in flash drives or smartphones to siphon data or install malware. But in today’s hyper-connected world, it’s nowhere near enough.
Take Genk’s case: Zhang didn’t need a USB stick. He walked into the office on a quiet Sunday, zipped up thousands of proprietary files, and simply emailed them to himself. No USB required.
The lesson? Insider threats don’t need physical devices; they exploit digital blind spots. That’s why USB blocking must be paired with smarter tools such as Secure Email Gateways (SEGs), which scan email content and attachments to catch sensitive data before it slips out.
#2: Data loss prevention tools are only useful with reporting and alerts
Data loss prevention tools are only as good as the visibility they provide. If they’re not configured to generate regular reports and trigger real-time alerts, they’re just expensive shelfware.
Reporting helps retain critical audit trails and cuts through data noise, especially when employees try to cover their tracks. Instant alerts allow companies to respond to breaches as they unfold, not weeks later.
Genk learned this the hard way. After stealing Genk’s files, Zhang covered his tracks by deleting the stolen Zip folders from his work computer. Genk did not know anything was amiss until market chatter suggested Zhang, then at competitor Megawell 2SP (which was later absorbed by trading firm Theme International Trading), was offering to trade in the same manner he had while at Genk. Only then did the company bring in a forensic investigator who uncovered evidence of Zhang’s data theft.
In other words, the breach wasn’t discovered through internal controls. Genk was fortunate that it managed to act in time, but this is not always guaranteed.
The message is clear: if you’re relying on hindsight to detect IP theft, you might already be too late.
The work computer used by Genk’s employee Zhang Changjie to steal the company’s data. This was used as evidence in a court exhibit that led to his criminal conviction.#3: Audit trails win legal battles
Even the best security systems can be outsmarted by a determined insider. That’s why companies must prepare for the worst by building their legal case before a breach even happens.
Robust audit and forensics tools are essential. USB monitoring and auditing software can flag attempts to bypass blocks. SEGs can detect data leaks.
These tools don’t just deter; they document. Without them, companies are left scrambling. In Genk’s case, the absence of proper audit logs meant hiring forensic experts to painstakingly reconstruct Zhang’s digital footprints – a process that took months and cost dearly.
#4: Signed policies are your first line of legal defence
Most employees don’t know the rules and will often claim they didn’t break them. That’s why every company must clearly define and document what employees can and cannot do with their data, IP and confidential information.
Spell out the boundaries between personal and company data. Label sensitive files. Most importantly, get written acknowledgements. Signed policies and NDAs aren’t just paperwork – they’re legal safeguards.
In court, Zhang argued that Genk’s confidential trading data was his own and claimed ignorance of an NDA he had signed with Genk. But the signed agreement told a different story, and the court ruled he was aware of the limits of how he could access and deal with Genk’s data.
The takeaway? If you want your IP protections to hold up in court, have your employees sign on the dotted line.
#5: Trust is not a control; people are usually the weakest link
You can build the most secure systems in the world, but if the wrong person has access, none of it matters. Technology is only part of the equation. The real risk lies with people.
This is why access controls must be reviewed regularly, especially for sensitive data and confidential information. Enforce strict privileged access, monitor it in real time, and reinforce accountability through clear policies, ongoing training and regular reminders.
It is impossible to predict insider threats. Genk trusted Zhang. The company hired him straight out of university, invested in his growth and even paid for his executive coaching. He was the last person they expected to betray them, until he did.
Zhang’s defection and data theft serve as a stark reminder that insider threats are unpredictable, and trust alone is not a safeguard. Cybersecurity must be a living process: constantly reviewed, reinforced and never taken for granted.
Lim Ren Jun, Principal, Baker McKenzie Wong & Leow, a global law firm.
