Security Culture and Awareness coordinator imec Leuven, Vlaams-Brabant, Belgium
In research and development (R&D), innovation flourishes through multidisciplinary collaboration and open information sharing. However, protecting sensitive intellectual property and maintaining confidentiality is essential for building trust—this creates a paradox at the heart of collaborative high-tech research in the semiconductor industry.
Due to this paradox, traditional corporate cybersecurity approaches, which often adopt a one-size-fits-all model, are frequently ineffective in R&D environments. These methods can even impede the rapid, cross-organizational experimentation that drives breakthroughs and fosters innovation. Research projects often evolve quickly, involve new partners, or explore untested technologies, all of which require adaptable cybersecurity measures.
Drawing on real-world experiences and case studies, we will explore how to design an adaptive cybersecurity approach that promotes both security and innovation. At imec, our security strategy prioritizes adaptability, allowing us to safeguard trust while fostering collaboration with our research partners. Each R&D project presents unique challenges: some involve bilateral partnerships that handle highly sensitive partner intellectual property (IP), while others are publicly funded collaborative efforts with universities. Many projects span diverse ecosystems comprised of industry and academic stakeholders, highlighting why one-size-fits-all cybersecurity solutions do not adequately address the varying needs of such research environments.
To tackle these challenges, we have aligned our cybersecurity strategy with our business innovation goals. This alignment guarantees that our security measures are tailored, risk-driven, and conducive to trustworthy collaboration rather than obstructive. A central aspect of our approach is the human element. We emphasize the importance of investing in cultural change and awareness programs that view researchers as key enablers of security, not as obstacles. Effective R&D security should strive to balance open collaboration with necessary confidentiality, as it is fundamentally based on mutual trust among collaborators. When trust becomes an operational asset, security cannot rely solely on technology. By fostering a culture of shared responsibility and equipping staff with the right knowledge and tools, we transform the perceived "weakest link" into a strong first line of defense. Researchers are encouraged to incorporate security best practices into their work, trusting that security policies exist to facilitate safe innovation rather than hinder it. This trust-centric culture aligns with modern security frameworks: while "zero trust" architectures verify every access attempt, we assert that genuine R&D security is also rooted in mutual trust among collaborators—a principle that technology alone cannot fulfill.
Finally, we will demonstrate how these adaptable security measures enable safe information exchange without impeding research progress. These measures are designed to be flexible, scaled to the sensitivity of each project, and compliant with regulatory requirements, thus preserving agility in research. In conclusion, our presentation emphasizes that protecting innovation in high-tech R&D necessitates a project-sensitive, human-centric approach grounded in earned trust—not just a zero-trust model. By providing security that is human-centric and built on trust, we will demonstrate that innovation and security can coexist successfully.