One of our primary practice areas is Reasonable Measures to Protect Trade Secrets. Dr. Kursh has served as an expert witness regarding reasonable measures in several cases. He has worked on behalf of plaintiffs and defendants. He has also been the coauthor of several articles on the topic. See below, for example, for the link to an article titled “The Goldilocks and Three Bears Dilemma: Adopting Reasonable Measures to Protect Trade Secrets in the New Work Environment,” that was published in les Nouvelles, Journal of the Licensing Executives Society International.
In The Goldilocks and Three Bears Dilemma article, we explored the challenges companies face in determining how much security is “just right” when protecting trade secrets. The article highlighted the point that while strong security measures are essential, overprotecting can suppress innovation and create operational inefficiencies. On the other hand, insufficient measures may expose companies to misappropriation risks, particularly in an era of remote work and digital collaboration.
The article examined the concept of “reasonable measures,” that varies based on context, resources, and risk tolerance. It provided practical guidance for organizations, on how to balance accessibility, productivity, and security. We emphasized that trade secret protection is not just about technical cybersecurity measures but involves legal agreements, internal policies, employee training, and risk assessment.
This was all well and good, except our ongoing work in the field as well as additional research and analysis have led us to conclude that many of us may want to consider expanding the scope of the reasonable measures at our organizations to encompass more deeply cybersecurity frameworks such as ISO 27001 and NIST (National Institute of Standards and Technology).
More specifically as security threats evolve, so must our approaches to reasonable measures. While again emphasizing that reasonable measures should never be equated with cybersecurity, the rise of sophisticated cyber threats, increased reliance on collaboration, and the adoption of cybersecurity frameworks provide an opportunity for us to reshape how we develop and implement reasonable measures.
Indeed, failing to implement reasonable measures may not only increase the risk of trade secret theft it can weaken an organization’s position in legal disputes.
We are now at work researching and writing an article in this regard. Please email us at info@softwareanalysisgroup.com if you would like us to notify you when the paper is completed. (We won’t use your contact information or any other purpose.)
The article builds on our previous work by examining how reasonable measures have evolved, their integration with cybersecurity frameworks, and the reality that no system can guarantee absolute security. For a copy of our earlier article please click below:
