The psychology of IP risk management
The psychology associated with risk:
There are a variety of psychological factors which influence how people react to risks. Research conducted on this topic has helped to understand people’s risk perceptions; how “rules of thumb” influence how people evaluate risk; how risk perceptions influence people’s concern about risk; and how optimistic biases influence how people react to risks. Some of the key learnings are as follows:
People assess the frequency or probability of a risk by the ease with which instances or occurrences of that type of risk come to mind.
People assess risks starting from some initial starting point, from which they then adjust to a final point as they complete their analysis. This initial starting point is called the ‘anchor’. Not everyone has the same anchor or starting point.
When asked to rate their chances of being adversely impacted by a risk, more people tend to rate their own chances as above average. They believe that negative things are more likely to happen to other people and positive things are more likely to happen to them.
People interpret risk information in a self-serving manner. People think that signs of a risk materializing happen early, and if they have not seen any signs, then the risk is not going to happen.
People employ ‘ego-defensive’ mechanisms to downplay their risks. People who are engaging in risky behavior or are exposed to risks will downplay their risks and give reasons to justify their behaviors, which are often ineffective precautions.
People tend to under-estimate the impact if they fall victim to some unfortunate event. So they are inclined to ignore the risk, thinking that even if it does happen, they will be able to cope.
People believe they have more control over a situation than they really do.
What has this got to do with intellectual property?
Risk is the chance of something going wrong, and the danger that damage or loss will occur. By its very nature, there are both rewards and risks associated with IP. For anyone involved in IP, then IP related risks are part of working life.
Any business professor will tell you that the value of companies has been shifting markedly from tangible assets, "bricks and mortar", to intangible assets like intellectual property in recent years. Research has indicated that intangibles now account for about 80% of the total value of many companies. There is no data available on the scale or size of the risks associated with IP facing companies, but one can assume that it is significant, and probably around this 80% mark.
Not all IP risks are the same and they may be broken down into a variety of different categories, such as the form of IP involved (e.g. patents, trademarks, copyright, trade secrets, etc.), the source or origin of the IP related risk, the impact and probability of the IP risk, the date when the risk is likely to materialize, the geographical nature of the IP risk, whether they are generic or specific in nature, the group or sub-group within the organization most impacted by this risk, etc.
I would argue that every organization faces IP related risks.
So how do companies react to IP related risks?
Based on my own personal experiences over the past dozen or more years working in the IP sector, interviews with a number of knowledgeable IP professionals in recent times as well as some benchmark data gathered from various IP change projects I have conducted, I suggest that there are three different approaches being taken by companies when it comes to IP related risks:
Denial is the refusal to accept or believe that the organization faces any IP related risks. It may seem strange that companies would embrace such an approach but many do. However if we look back at some of the psychology associated with risk, perhaps this denial mode is then easier to understand.
Perhaps such companies find it difficult to find instances or occurrences of IP related risks that come to mind. Perhaps their ‘anchor’ or starting point is different from others. Perhaps they believe that negative things associated with IP only happen to others. Perhaps because the IP related risks are not happening now at this moment in time, they can be dismissed. Perhaps they see no early signs of IP related risks.
That said, denial is listed as an immature developmental defense along with delusion, distortion and projection in the Diagnostic and Statistical Manual IV of the American Psychiatric Association. It is therefore not an approach I personally would suggest for addressing IP related risks.
In reactive mode, the behavior of the organization is not internally motivated but manifests in response to a situation or the actions of others. When an IP related risk materializes, then and only then does the organization react. Reactive change occurs when an organization makes changes in its IP practices after some threat has already occurred. Reactive aims to deal with the consequences of an IP risk.
However, operating in reactive mode has some major drawbacks, in that many solutions to help mitigate IP related risks are ‘off the table’ once the IP related risk has materialized. It is very difficult to take out house insurance if your house is already up in flames.
Reactive mode is sometimes referred to as firefighting, the emergency allocation of IP resources, required to deal with an unforeseen IP problem. Just as in the real world, there is an assumption that "fires" are unpredictable and that they must be dealt with immediately. However, a too-frequent need for emergency IP action may reflect poor planning, or a lack of organization, and is likely to tie up valuable IP resources that are needed elsewhere.
When IP related risk work consists almost entirely of fighting fires, rather than dealing with things in a rational, prioritized manner, and devoting some time to medium-term and long-term issues, then a serious problem can arise. The problem is, that once you are in firefighting mode, the lack of medium and long-term focus just causes more IP fires to pop up down the road. Hence, it is a vicious cycle, and it can eventually wreak havoc on the morale of the overworked IP resources. Also, stress related to continuous firefighting becomes an issue of concern.
To keep firefighting to a minimum, the proactive approach is recommended, which includes the attempts to foresee, and protect against, such IP related emergencies. I fully accept that there are instances in the world of IP when the reactive mode is the only option but it should not become the norm.
Proactive behavior involves acting in advance of a future IP situation, rather than just reacting. It means taking control and making things happen rather than just adjusting to an IP situation or waiting for something to happen.
Organizations that operate in proactive mode are those that treat IP risk management with the same level of professionalism as the other core IP processes. They work to identify IP related risks early; conduct analysis of potential risks; prioritize these IP related risks; and then take the appropriate IP risk mitigation actions if and when needed.
Companies that operate in this proactive mode also tend to have an established network of specialists IP risk solution providers, such as defensive aggregators, IP insurance providers, anti-counterfeit specialists, etc.
The psychology associated with risks says that powerlessness makes any risk feel scarier. However, operating in proactive mode empowers the organization as people are typically less concerned about risks that are known, observable, have immediate effects, and/or which can be mitigated against.
Once a company operates in proactive mode for a period, their ability to properly assess the impact and probability of an IP related risk greatly improves; their ‘anchor’ or starting point when conducting IP risk analysis is more realistic; they rate their chances of success more sensibly; they avoid interpreting risk information in a self-serving manner; they drop any ego-defensive mechanisms; they are more honest when assessing their level of control; and last but not least they just become better at mitigating IP related risks.
Yes I am huge fan on this proactive mode. Proactive mode is about taking preventative measures, ideally aiming to stop the IP risk before it happens. It is about prioritizing risks, prioritization being a combination of the possibility of the risk occurring and estimating the impact. It is however not just about analyzing the possibility that some risk will actually occur, but also making sure they have a recovery plan in place, and that the recovery plan has been stress tested.
Companies need to operate in proactive mode, carving out time in their schedule for IP risk management, and taking responsibility to ensure that they have a good fit for purpose IP risk management process in place underpinned by a robust IP risk management tool.