This article in the Guardian caught my eye.
Two months after a visit by Chinese officials, a company in Scotland with an innovative Wave Power design was burgled. Several laptops were stolen. The burglars went straight to the company offices on the second floor of the building, bypassing companies on the lower floors.
A couple of years later, a Chinese company with close ties to the Chinese government started making very similar Wave Power devices.
The Scottish company is now out of business.
So, assuming that there was nefarious activity here – and that is not proven, just a series of odd coincidences – what can we learn?
Information security is not just about protecting personal or financial information. It is also important for commercial reasons: the designs, software and business model that a company has are the heart of what the company is actually worth.
There is a cost for the loss of that information. It is not unreasonable to spend an appropriate amount of money securing that information. How much depends on the capability of any threat, and on the risk appetite of the company.
Could the information realistically have been protected against the theft of a laptop holding it? Probably, though we do not know what precautions this company had in place. Realistically, a good hard drive encryption system, tied to the TPM that is in modern laptops, would have defeated most attackers. Good physical security, alarms, and CCTV. Lock the laptops away when the office is unoccupied. General good security hygiene.
Commercial espionage does happen.
