The Costs of Espionage

By: Joshua Rovner | Spring 2026

Keeping Spies at Bay

States spend a lot of time worrying about spies, and a lot of money trying to protect themselves from espionage. They construct multilayered personnel policies to keep untrustworthy individuals from government jobs that involve handling classified information. They invest heavily in complex information systems to block access to sensitive communications. They compartmentalize secret data to mitigate the damage from foreign intrusions, much as large cargo ships use separate airtight holds to mitigate the damage from a hull breach. And they build elaborate counterintelligence agencies to defend national secrets. These agencies, in turn, conduct offensive campaigns to disrupt foreign intelligence operations directly. This is the stuff of spy-versus-spy campaigns, where intrigues often involve real human risk. All these efforts seek to ensure the integrity and confidentiality of information, based on the assumption that losing control would do serious harm to national security.

Firms have similar concerns. Commercial espionage has a very long history, and businesses have good reason to worry about protecting themselves against data theft. Many rely on proprietary information that gives them an edge over competitors. This information may be mundane (e.g., secret recipes) or exotic (e.g., breakthrough technologies). In either case, losing it to rivals could have catastrophic consequences. Another big worry is losing control of customer data, which might tarnish a firm’s reputation, causing customers to shop elsewhere for more reliable vendors. Employees might also skedaddle toward better pastures: It is no fun working for a firm that seems incapable of protecting its own information. Lower morale may lead to an exodus of senior officers and everyday workers alike, making recruitment and retention increasingly difficult.

Rather than accepting commercial espionage as inevitable, firms think seriously about how to keep spies at bay. Like states, they conduct background checks on potential employees who may have access to proprietary information. They sometimes demand that employees sign non-disclosure agreements. Large organizations pay for in-house security services to protect physical and digital data. Smaller firms hire private sector contractors, especially specialized cybersecurity outfits that promise protection against digital snooping. And like states, which choose a particularly aggressive form of counterintelligence, firms are increasingly eager to “hack back” against intruders. Not satisfied with paying for better network security and more vigilant vetting, they want to go on the offensive.
