Cybersecurity Patent Landscape – 2021


By Ed Mantilla

State of Affairs

The first half of 2021 has seen an uptick in cybersecurity threats.  In May, for instance, the Colonial Pipeline announced its operations had been halted because of a ransomware incident that shut down the main pipeline and smaller pipelines. In another example, the largest beef supplier in the world was hacked in May by REvil, one of several Russian-speaking hacker gangs, leading to meat plants across the U.S. and Australia shutting down for at least a day.

One potential cause of increased attacks, especially ransomware attacks,[1] is that more companies are choosing to pay the ransom to hackers to retrieve their data.  Companies electing to use cryptocurrency to pay ransoms also allows for more anonymity in these sorts of transactions that are criminal in nature. Another reason for this uptick may be an increasingly remote workforce.  Relocating the workforce from one location to the other does not decrease the potential for cybersecurity issues.  In fact, the increased use of internet resources is directly proportional to the amount of available opportunity for cybercriminals to cause havoc for any institution foreign or domestic.

Cybercrime is a trillion-dollar drain on the global economy, according to a new report from cybersecurity firm McAfee.[1]  Losing money and intellectual property remain the biggest threats and are among the most damaging effects of a cyberattack. But the effect on a company’s productivity also looms large.  For Colonial Pipeline, besides the cost of the ransom of around $4.4 million dollars, consumers in the southeastern part of the US experienced long lines at the gas pump as this attack prevented the company from transporting close to 2.5 million barrels per day of gasoline, diesel, and jet fuel from Houston to New York.[2]

Spending continues to increase on research and development efforts in cybersecurity.  ETSI (European Telecommunications Standards Institute) Standard TR 103 306 defines cybersecurity as the following: “Collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.” [1] To illustrate, spending on cybersecurity research is projected to reach $150.4 billion this year. [2] With so much spending in these activities, companies need to also to increase their efforts into the protection of all new technology coming from the cybersecurity pipeline.

Cybersecurity and Intellectual Property

Patent Trends


Along with R&D spending in cybersecurity, there has been growth in the number of patent applications in the cybersecurity industry at the United States Patent and Trademark Office (“PTO”). Due to this increase, the PTO is dealing with a backlog of applications, which means that a patent examiner does not look at an application until approximately two or three years after the filing date. In turn, a patent could remain pending for up to four years. As an example, a good portion of cybersecurity applications land in Technology Center (“TC”) 2400 at the PTO.  The graph below from the PTO shows the trend in average pendency of an application at TC 2400 [1]:

Based on this information, it is likely that an application in TC 2400 would not be subject to examination for at least 2 years from the filing date.  Depending on the subject matter of the application, an applicant may consider expediting the examination process through a patent application initiative called track one prioritized examination, which may provide disposition of an application in twelve months from the grant of prioritized examination status.  The best way to learn about this and other programs at the PTO for expediting applications is to partner with a patent practitioner who can assist in determining if a prioritized application would be in the best interest of the business.


A corollary to the increase in patent applications at the PTO is the rise in the number of patent litigation cases. As important as a patent filing and prosecution strategy is from the business perspective, having a patent litigation and licensing strategy is equally as important. Damage awards can be significant and could have a deleterious effect in a company’s growth.  For example, in mid-January of 2020, Zscaler agreed to pay $15 million to settle all patent infringement lawsuits filed by Symantec, just three months after Broadcom purchased Symantec’s enterprise security business. The settlement amount is just under five percent of Zscaler’s annual sales.[1] Broadcom agreed to provide Zscaler with a patent license, release, and covenant not to sue in exchange for the $15 million payment.

Recently, a Virginia federal court found that Cisco willfully infringed four of Centripetal Network patents dealing with network security functions and awarded $1.9 billion dollars in damages.[1] The court used the “reasonable royalty” approach to determine monetary damages, which is the most common in patent cases. A reasonable royalty is supposed to reflect what a willing licensor and willing licensee would have agreed to as a royalty just before the infringement began. In using this approach, the court analyzed the factors laid out in the seminal case Georgia-Pacific v. U.S. Plywood Corp.[2]

Here, the court used a previous negotiation with a different party, Keysight, in establishing a reasonable royalty (See. e.g., Georgia-Pacific Factors 1 and 2) (“the royalties received by the patent owner for the licensing of the patent-in-suit, proving or tending to prove an established royalty”) and (“the rates paid by the licensee for the use of other patents comparable to the patent-in-suit”). Previously, Keysight was granted a three year “worldwide, non-transferable, irrevocable, non-terminable, non-exclusive license to Centripetal’s worldwide patent portfolio in exchange for a $25 million-dollar lump-sum payment and a 10% royalty of directly competing products and a 5% royalty on non-competing products.”  The court applied the Factor 3 in Georgia-Pacific (“the nature and scope of the license, as exclusive or non-exclusive, or as restricted or non-restricted in terms of territory or with respect to whom the manufactured product may be sold”) to reduce the baseline royalty percentage, because the license presented to Cisco would be limited to the infringing patents instead of a full patent portfolio. The court also looked at the functionality of the infringing Cisco switches, routers, and software and determine the proportion of functions that were implicated by the infringement as a further aid in generating the royalty rate. (Factor nine – “the utility and advantages of the patent property over the old modes or devices, if any, that had been used for working out similar results”).

This form of apportionment was then applied to Cisco’s total revenues of infringing products, which yielded $7.56 billion. Applying the 10% royalty to that figure resulted in the $756 million in past damages.


As cybersecurity companies expand their research efforts, a solid patent strategy that covers not only the prosecution process, but also licensing and litigation is essential. As observed in the Centripetal Network case, prior license agreements may become relevant in a damages’ analysis. Companies should view a patent strategy not in vacuo but as part of their commercialization and growth strategies. A patent practitioner is a key ally in all these efforts.

[1] Centripetal Networks, Inc. v. Cisco Sys., Civil Action No. 2:18cv94 (E.D. Va. Mar. 17, 2021)

[2] Georgia-Pacific Corp. v. United States Plywood Corp., 318 F. Supp. 1116 (S.D.N.Y. 1970), mod. and aff’d, 446 F.2d 295 (2d Cir. 1971), cert. denied, 404 U.S. 870 (1971)




[2] “Cybersecurity priorities top spending in 2021,”

[1] “Cybercrime is now a trillion-dollar cost to the global economy,”

[2] “The Colonial Pipeline Crisis Is a Taste of Things to Come,”

[1] “Up to 1,500 businesses affected by ransomware attack, U.S. firm’s CEO says,”