Publish date

17 October 2025

What to do when an employee is trying to sell your trade secrets.

This article is for companies that have a heavy reliance on leveraging their intellectual property (“IP”) and confidential information.

In an increasingly hostile and unstable geopolitical climate, corporate sabotage / espionage has increased. For example, western tech and defence companies have suffered various attacks, including but not limited to:

  • In May 2025, there was a Russian state-sponsored cyber-attack against NATO delivery of defence and technological support to Ukraine
  • In April 2025, North Korean cyber spies increased their campaign against the European defence sector
  • In January 2024, Russian hackers stole emails and documents from Microsoft’s leadership using a password spray attack
  • In October 2023, activist hackers stole 3,000 documents from NATO
  • In September 2023, Microsoft revealed (via a report) that China has increased its cyber operations against US Defence companies.

However, it is important to note that all industries in the United Kingdom are affected by the same threats. In February 2025, there was a 150% up-tick in Chinese cyber espionage (a 300% up-tick in industrial sectors). While many companies are live to these cybersecurity issues and have installed various firewalls / cyber-security measures to protect themselves against cyber-attacks, the threat of employees being enticed by rogue states (or competing companies) is growing.

It was reported in October 2023 that Ken McCallum (the head of MI5 at the time) warned that 20,000 people in the UK had been approached by Chinese spies. He warned of Chinese espionage on UK companies on an “epic scale”.

If an employee is enticed to steal / download trade secrets or confidential information (“the Breach”) for the purposes of disclosing it to a third party, there is a series of questions that need to be answered in the first instance.

1. Is it a trade secret, or merely confidential information?

When assessing the Breach you must determine if the information that has been stolen / compromised is a trade secret, intellectual property, or merely confidential. The courts will apply the test of Faccenda Chicken v Fowler [1987] when determining the seriousness of the breach.

An employer can ensure that an employee (or former employee) keeps a trade secret from being disclosed, indefinitely, whereas an employee cannot be restricted from using information that is merely confidential.

The court will take the following into account when classifying the information as merely confidential or a trade secret:

  1. The nature of the employment;
  2. The nature of the information;
  3. Whether the employer impressed on the employee the confidentiality of the information; and
  4. Whether the relevant information can easily be isolated from other information which the employee is free to use or disclose.

In order to be deemed ‘confidential’, the information concerned must:

  1. Have the necessary quality of confidence; and
  2. Be disclosed in a situation/circumstance importing an obligation of confidence.

The threshold of confidence is, therefore, much lower than that which needs to be met to be classified as a trade secret.

2. Is emergency injunctive relief appropriate?

There are various injunctions a claimant could apply for on a without notice basis. Examples include:

  1. A non-disclosure order (a.k.a.: “Privacy Order”);
  2. An order compelling the defendant/respondent to provide an undertaking not to disclose information;
  3. An order for an injunction to restrain the publication of private and/or confidential information;
  4. A search order (this involves solicitors attending premises to search for and secure relevant documents / evidence);
  5. A computer imaging order (this involves a forensic computer expert copying an image of the respondent’s devices, to secure evidence – there is a penal notice with such an order for respondents who refuse access to their devices for imaging).

You will always seek a Privacy Order, but it can be combined with others, detailed above.

While search orders and computer imaging orders seem attractive to ensure your future claim is as robust as possible, potential claimants / applicants must consider that such applications are draconian, and laborious to prepare.

There is a further risk to any claimant / applicant making these orders, as they will be required to provide a cross undertaking in damages. This means that the claimant / applicant promises (to the court) to compensate the defendant / respondent for any losses caused as a consequence of the order, if the order is found to have been improper. Computer imaging and search orders, therefore, have a much higher threshold than a simple Privacy Order.

Moreover, in any emergency injunctive relief, you will need to provide full and frank disclosure to the court. This includes providing information to the court that may be harmful to your case. It is a legal duty, and if applicants are found not to have given full and frank disclosure, then any order obtained could be set aside / invalidated.

When dealing with a rogue employee (or a corporate spy), it is imperative that you act quickly, as time is of the essence to prevent your trade secret / confidential information from being disclosed to a competitor, rogue state, or the public. Any undue delay will be construed adversely by the court.

Resolution: Ex parte (i.e. without notice) non-disclosure order – restricting the misuse and/or publication of confidential information.

Further interim injunctions, such as computer imaging / search orders, can be sought at a later stage. A Privacy Order has a lower threshold; therefore, it will be more achievable to obtain in the first instance.

3. What is the claim / aftermath?

If your application for a Privacy Order is successful, then you will need to serve the claim form as soon as possible (if not simultaneously).

The return date (i.e. the hearing where the respondent will have a chance to contest the injunctive relief ordered) is usually seven days later. You will need to prepare for the hearing with your solicitors and counsel, whilst also preparing the particulars of claim for the claim you have filed (if you did not file and serve the particulars of claim with the claim form), which will be due 14 days after the filing and service of the claim form.

Your claim may be limited to breach of confidence, or misuse of confidential information if there is no evidence of whom the confidential information was going to be sold to (on top of the obvious breaches of the employee’s employment contract). However, if a third party is known, then you may have a claim for unlawful means conspiracy.

Potential claimants / applicants should therefore make best endeavours to obtain as much information as possible, as quickly as possible.

Defence and Tech Companies.

The IP that defence and (some) tech companies leverage is strategic by its very nature. Defence companies usually require robust vetting and have security protocols in place when hiring prospective employees. Some tech companies do, but not all. Tech companies are targeted because their IP can have a dual use (i.e. it can be used for both civilian trade and also for defence / militaristic purposes). The key targets tend to be early-stage tech start-ups.

Considerations for businesses.

There are some practical steps that can be taken to detect early warning signs of a potential breach:

  • Ensure that your systems can detect when an employee sends any document to their personal email address, or an email address outside of the corporation / competitors
  • Ensure that your systems can detect whenever a user in your organisation copies / extracts data from a company device onto a USB
  • Carry out a robust vetting and background check on each employee prior to employment
  • Regularly check in with your employees to ascertain their happiness at the company
  • Ensure all employees (and contractors / consultants) are bound by robust confidentiality clauses within their employment contracts
  • Ensure you have funds in reserve for emergency legal action
  • Ensure your company has suitable cyber insurance, and that your systems reflect the requirements of the policy
  • Consider including ‘cybersecurity’ clauses in your contracts throughout your supply chain, where necessary
  • Set minimum requirements for all employees’ passwords. It was reported in July 2025 that a 158-year-old transport and logistics company was rendered insolvent as a consequence of a cyber-attack that exploited one weak password.
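
As an illustration of the first step above (detecting documents sent to a personal, competitor or other external email address), the following is an added example and not part of the original article. It assumes a hypothetical mail-gateway log with one JSON event per line and hypothetical domain lists (corp.example, rival.example); the sample events are constructed.

```python
import json

# Assumed (hypothetical) domain lists; replace with your organisation's own.
CORPORATE = {"corp.example"}
PERSONAL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
COMPETITORS = {"rival.example"}

def _in(domain, domains):
    # Match the domain itself or any subdomain of it, never a look-alike suffix.
    return any(domain == d or domain.endswith("." + d) for d in domains)

def classify(address):
    """Return internal / personal / competitor / external for one recipient."""
    if "@" not in address:
        return "external"  # unparseable recipients are treated as outside
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if _in(domain, CORPORATE):
        return "internal"
    if _in(domain, COMPETITORS):
        return "competitor"
    if _in(domain, PERSONAL):
        return "personal"
    return "external"

def find_alerts(log_lines):
    """Flag messages that carry attachments to any non-internal recipient."""
    alerts = []
    for line in log_lines:
        event = json.loads(line)
        if not event.get("attachments"):
            continue  # the control is about documents leaving, not all mail
        outside = {r: classify(r) for r in event["recipients"]}
        outside = {r: c for r, c in outside.items() if c != "internal"}
        if outside:
            alerts.append({"sender": event["sender"],
                           "files": event["attachments"],
                           "recipients": outside})
    return alerts

# Constructed sample events (not real data).
SAMPLE_LOG = [
    '{"sender":"a.smith@corp.example","recipients":["b.jones@mail.corp.example"],"attachments":["minutes.docx"]}',
    '{"sender":"a.smith@corp.example","recipients":["asmith1987@GMAIL.com"],"attachments":["design_spec.pdf"]}',
    '{"sender":"c.lee@corp.example","recipients":["sales@rival.example","d.wu@corp.example"],"attachments":["pricing.xlsx"]}',
    '{"sender":"c.lee@corp.example","recipients":["friend@gmail.com"],"attachments":[]}',
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Retaining the resulting alerts with their timestamps also supports the evidence-gathering needed for an urgent application.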

If you need assistance protecting your company’s trade secrets / confidential information / IP, our commercial dispute resolution team has extensive experience in successfully applying for emergency injunctive relief.
