The cyber catch: Defending intellectual property in a rapidly shifting and classified domain

The $25 billion acquisition of CyberArk by Palo Alto Networks, just five months after Google’s $32 billion takeover of Wiz, highlights the strength of Israel’s cybersecurity industry and cements the country’s position as a global leader in the field.

In 2023, more than $3.5 billion was invested in Israeli cybersecurity start-ups, representing about 20% of all high-tech investment in the country. Worldwide, cybersecurity start-ups attracted over $18 billion in 2023, with the United States (U.S.) leading at 60% of total investment and Israel ranking second with 15%.

Dr. Eyal Bressler.

Globally, there are now over 60 cybersecurity unicorns, nearly 40 of them in the U.S. Israel follows with 12, while China has five and the U.K. only three.

According to data from the World Intellectual Property Organization (WIPO), more than 12,000 new cybersecurity patents were filed globally in 2023. The U.S. leads the field with around 4,500 new filings. In Israel, according to the Israel Patent Office, approximately 1,200 new cybersecurity patents were registered during 2023.

Unlike other fields of technology, the cyber industry is marked by an immense number of patents, cross-border litigation, and costly legal disputes that may last for years. In cybersecurity, lawsuits are not the exception, they are part and parcel of the game. In the U.S. especially, patent infringement cases in this domain often end with rulings in the hundreds of millions of dollars.

Solutions such as identity and access management, encryption, real-time intrusion detection, and cloud security all rest on layers of code and algorithms, assets whose protection is virtually a prerequisite for playing in the big leagues.

In acquisition deals, a company’s patent portfolio can be the deciding factor in whether it is bought, and at what price. In the case of CyberArk, widely recognized as the dominant global player in identity management, its patent portfolio was a key driver of the high valuation it commanded. Over the past decade, the company has registered dozens of patents in both the U.S. and Europe.

Patent registration in the cyber arena is fundamentally different from other fields, mainly due to the abstract nature of many of its inventions and the breakneck pace of change that defines it. In areas like medical device or mechanical engineering, inventions are usually tangible, which makes them easier to illustrate and explain. In cybersecurity, by contrast, most innovations are built on algorithms, software methods, and protocols, and they face a much higher bar in proving concrete technological implementation. Courts and patent offices, particularly in the U.S. and Europe, are careful not to grant protection to what they regard as purely abstract notions. Applicants therefore have to clarify how the invention is actually embedded in a computerized system and what its real-world technical contribution is.

The challenge, however, does not end with proving patentability. A patent application requires full disclosure of the invention, which in the cybersecurity arena can be a double-edged sword. On the one hand, a detailed description is necessary to explain the method’s mechanism. On the other hand, excessive disclosure may enable hostile actors to circumvent or replicate the system. Striking this delicate balance demands high drafting expertise, and at times even a strategic choice between pursuing a patent and maintaining trade secrets.

Another distinctive feature of the cyber field is its blistering pace of change. Many security solutions are outdated within just a few years, which makes it critical for patent filings to reflect that reality, moving quickly and in step with the industry’s relentless pace of innovation.

To recap, filing patents in the cybersecurity sector presents challenges that are far more pronounced than in most other industries. Innovators looking to safeguard their breakthroughs must weigh not only the legal requirements but also the rapid pace at which technologies become obsolete, the risks tied to disclosing sensitive details, and the differences across global markets. Nevertheless, a cybersecurity patent remains a vital and powerful strategic asset, which can spell the difference between success and failure for a start-up in playing field defined by fierce competition and nonstop innovation.

Dr. Eyal Bressler is a lawyer and patent attorney, and a partner at Amit, Pollak, Matalon & Co.