Intellectual Property (IP) Strategies for Cybersecurity Innovations

March 11, 2022
By Joanna Ma and Ahmed Elmallah

This article is the first in a series discussing intellectual property (IP) strategies for cybersecurity-related innovations.

Over the past decade, technological advances have drastically evolved our daily engagement with technology. The COVID-19 pandemic also jump-started many organizations’ need to adapt (and for some, to establish) their internal and external digital infrastructure to transition to remote work or to adapt a brick-and-mortar business to e-commerce. As we further integrate into the digital world, the risk of encountering cybersecurity threats grows due to vulnerabilities stemming from aging internet platforms and deliberate attacks. There is a growing community of start-ups and small and medium-sized enterprises (SMEs) offering innovative cybersecurity technology to address these threats. Having an IP strategy that is aligned with their business goals is crucial for these start-ups and SMEs to retain their competitive edge.

Patent Protection for Cybersecurity Innovations

Patents can be one of the most powerful IP tools for technology companies – whether for an offensive or defensive purpose. In the cybersecurity space, patents can be used to protect new and inventive systems and processes to counteract cybersecurity threats. Innovation in this space can relate to new or improved access control and authentication, monitoring of software and data that reduce bandwidth and/or storage requirements, or protection of hardware against malicious attacks.

When considering whether to pursue patent protection, companies should consider the value of the technology to the overall business and the business cost should their competitors be able to copy their innovations unhindered. Having a patent portfolio targeting high-priority technology can increase the valuation of the business as well as enable a stronger position during cross-licensing negotiations.

In many cases, cybersecurity innovations are often driven by software-based solutions. Although patent law is jurisdictional, developments in the US often serve as guidance for the treatment of software patents worldwide. Despite the uncertainty on software patents following the U.S. Supreme Court’s 2014 decision in Alice Corp. v. CLS Bank International, subsequent jurisprudence and Patent Office guidance on this topic has helped patent applicants navigate the software patent space (see related article here). Software-driven innovations can be protected by patents, but it is important that the innovation be framed as a technical solution to a technical problem to minimize objections alleging ineligible subject-matter by the Patent Office. It is also helpful for these types of patent applications to be prepared in a way that they are assigned to US Patent Office Art Units relating to cybersecurity, such as Art Units 2431 or 2491 related to “Information Security”. This can help ensure that Patent Examiners knowledgeable in this space are assigned to review these cases. In contrast, software patent applications that end up in Art Units 3620, 3680 and 3690 (relating to “Business Methods”) often face tremendous ineligible subject-matter hurdles.

Balancing IP Protection between Patents and Trade Secrets

Another type of IP often suitable for cybersecurity innovations is trade secrets. Trade secrets can offer protection for any information that may have some commercial value, such as data, algorithms, business practices and others. Although the law on trade secret protection varies by jurisdiction, the general guidance requires the owner of the trade secret to take all reasonable efforts in protecting the trade secret from being accessed by unessential personnel.

Some benefits of this type of protection include the lack of any government registration process and any requirement to disclose technical details of the innovation. There is also an indefinite period of protection with trade secrets. On the other hand, limitations of trade secret protection can be severe–most significantly, protection ceases once the innovation becomes public information (whether by inadvertent or deliberate means). This type of protection would also lose value if a third party happens to independently develop and patent the trade secret.

A good balance for innovators of cybersecurity solutions is to rely on trade secret protection during the early development stages of their software-driven solutions by keeping technical details confidential and on a strictly “need-to-know” basis. As the technology matures, these innovators can evaluate the value of the technology in view of the competitive climate to decide whether the patent route requiring a technical public disclosure of the innovation is warranted.

Final Remarks

Not every innovation must be protected by patents. An effective IP strategy is built on an understanding of the business risks and trade-offs between patent and trade secret protection. There is never a one-size-fits-all IP strategy but due to the fast-paced nature of cybersecurity technologies, innovators in this space must be mindful of protecting their IP early to secure their competitive edge.

Subscribe to our newsletter

You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

This site is registered on as a development site.