Nowadays, organizations increasingly pay attention to protecting their data and information but at the same time the protection of their knowledge is neglected or underdeveloped in many cases. To maintain an organization’s competitive advantage, organisational risk management should pay more attention to the protection of knowledge. Scholarly knowledge management literature mainly concentrated on the facilitation of knowledge sharing and widely neglected this topic so far. In this paper we present results of a knowledge café that we ran with 18 IT professionals to investigate the current state of knowledge protection practice. It turned out that some organizational measures are applied in a rather uncoordinated manner, that only few technical measures are applied. Further, the performance measurement of knowledge protection lacks behind.