Tesla claims in a lawsuit that a software engineer employee named Alex Khatilov stole more than 6,000 scripts (which automated business functions) during his first two weeks on the job. The engineer’s defense is that he wanted only to use them while working at home, and didn’t 1) think the scripts had any business value; and 2) didn’t know using Dropbox to transfer the files was wrong.

If Tesla is right and Khatilov is lying, then he’s using the “George Costanza” defense of pretending that he didn’t know it was wrong to do what he did.

But I think there’s a reasonable likelihood that Khatilov is telling the truth. The reason is that beliefs about how industrial espionage works differs between security experts and everybody else.

People who don’t study industrial espionage assume that it’s all about a nation-state like China hacking servers at Lockheed Martin, downloading blueprints for the F-35 fighter jet, then using that stolen data to create the Chengdu J-10 jet.

Sure, that happens. But on average that scenario looks nothing like the most common forms of industrial espionage.

Here are the three ways industrial espionage is different than everyone thinks it is. Industrial espionage:

1. usually happens between domestic competitors. In fact, industrial espionage takes place among companies of all sizes and across industries. Knowing how to do something one’s competitor does better is valuable information. And because it’s valuable, there’s a market for it.

2. usually involves boring content. Yes, nation-states steal weapons designs. But that’s relatively rare. Most of the information stolen is boring AF — like personal contacts, customer lists or data that facilitates business or manufacturing processes.

3. is usually an inside job. Theft of trade secrets can happen during interviews with people currently or formerly working at competitors. It can happen during due diligence investigations before possible acquisitions (Silicon Valley giants specialize in stealing the secrets of startups during acquisition talks, and then they create their own product instead of acquiring). But usually an employee discovers during their normal line of work that they have access that could be valuable to them personally, either at their next job or if they sell the data.

If you’re a security specialist, then what Khatilov did looks exactly like the most common form of industrial espionage. But if your knowledge is “average,” then grabbing boring scripts for use at home via Dropbox looks nothing like industrial espionage.

I don’t know who’s right or wrong in this case (and I hope I’m not called to testify based on this post) but I do know that one of the challenges of preventing industrial espionage is that most people have no idea how it usually works.