Rhys Munzel

Rhys Munzel

In recent months it seems there is a new major cyber attack in the news every week. A cyber attack can inflict severe financial and reputational damage to a business and its clients, particularly where the attack results in a leak of private data and critical business insights. This article explores the potential knock-on impacts where a leak relates to the unpublished details of an invention.

What are the risks?

Any leak of unpublished invention details can seriously affect the ability of a business to protect intellectual property in the invention, such as by obtaining patent protection.

The patentability of an invention is generally assessed against information published prior to the relevant patent filing. That is, where sufficient details of an invention are published prior to a first patent filing then, generally speaking, the patent filing is invalid. This becomes an issue if a ‘hacker’ releases leaked invention details publicly, such as on an open website, before a business has had the chance to file for patent protection.

Another issue which may arise involves the hacker, having obtained leaked invention details, electing not to publish those details but rather make their own patent filing to ‘beat you to the punch’. This creates an issue of who has the better rights to the invention, noting this is generally the first party to file.

So, can anything be done?

We should immediately note that there are commonly available (depending on the jurisdiction) steps that can hopefully rectify issues such as those above.

In respect of any earlier publication by a hacker as contemplated above, Australian law (for example) provides a ‘grace period’. Under this an earlier publication based on leaked invention details can be effectively ignored for patent prosecution purposes, provided you file a complete patent application within 12 months of the publication. However, it would be difficult to prove that the earlier publication was the result of a cybersecurity breach and not just a coincidence that someone else had the same idea. We further note that grace period provisions are neither uniform nor universal worldwide.

In respect of any earlier patent filing made by a hacker pursuant to a cybersecurity breach, Australian law (for example) provides a mechanism to dispute the ownership of that earlier patent filing. That is, you can dispute whether the hacker is rightfully the owner of the patent filing given the hacker ‘stole’ the invention through a cybersecurity breach. Again however, the existence of the earlier patent filing would present an evidentiary burden to demonstrate that the hacker was not the inventor and did not arrive at the invention independently.

Separately or in addition, where information is leaked due to a breach of confidentiality or some other form of wrongful conduct, the business may be able to seek legal remedies. These may include damages or injunctive relief to prevent the further dissemination of leaked details

Action to take now

The long and short of it is that the leak of unpublished invention details can significantly impact the value of a business, such as by affecting its ability to obtain a patent over the invention. While there may be legal steps to deal with a leak and ensure continued ownership of the intellectual property, none are as easy or simple as preventing the leak in the first place. Businesses need to take steps to protect their trade secrets, though this becomes increasingly more difficult when considering the cyber threats. Unfortunately, as technology evolves, so do the attacks. We are seeing smarter cyber attacks every day, which are increasingly harder to identify.

You can, and should, of course also take out insurance to protect your business in the case of a cyber attack. Cyber insurance policies typically cover a range of losses, such as costs associated with investigating and repairing the damage caused by a cyber attack, business interruption losses, legal fees, and extortion payments. Some policies may also cover fines and penalties resulting from a data breach. It’s important to note though, cyber insurance policies vary in terms of coverage, exclusions, and deductibles. We advise you carefully review and compare policies to ensure you are happy with the level of cover.


If you require assistance with any aspect of a patent or patent application, contact our team at FAL IP.

The contents of this article do not constitute legal advice and should not be relied upon as such. If this article pertains to any matters, you or your organisation may have, it is essential that you seek legal and relevant professional advice. 

Interested to find out more? Feel free to contact us today.