Here the security measures have to be taken care for both ABC institutes as well as XYZ Inc. So the secure information has to be maintained and preserved from both the sides.
Keeping in mind that the advantages and disadvantages of using an asymmetric cipher instead of a symmetric cipher:
• An important advantage of asymmetric ciphers over symmetric ciphers is that no secret channel is necessary for the exchange of the public key. The receiver needs only to be assured of the authenticity of the public key. Symmetric ciphers require a secret channel to send the secret key—generated on one side of the communication channel—to the other side.
• Asymmetric ciphers also create lesser key-management problems than symmetric ciphers. Only 2n keys are needed for n entities to communicate securely with one another. In a system based on symmetric ciphers, you would need n(n ? 1)/2 secret keys. In a 5000-employee organization, for example, the company wide deployment of a symmetric crypto-based security solution would require more than 12 million keys. The deployment of an asymmetric solution would require only 10,000 keys.
• A disadvantage of asymmetric ciphers over symmetric ciphers is that they tend to be about "1000 times slower." By that, I mean that it can take about 1000 times more CPU time to process an asymmetric encryption or decryption than a symmetric encryption or decryption.
• Another disadvantage is that symmetric ciphers can be cracked through a "brute-force" attack, in which all possible keys are attempted until the right key is found.

Asymmetric key suits the scenario, as the ABC institute needs its information to be kept secret. When using a symmetric key, the key must be kept secret by both the parties at any cost. As the information on ABC institute is very sensitive, they cannot go for symmetric key. Any one person’s from any party if releases the key, the information will be decrypted. As an asymmetric key will have their own private key for decryption, the information can be safe and cannot be read by others. Only the concerned authority can know the private key and decrypt the information.

First, it’s better to have a secure room which we can call it as ODC, where all the research is being done. This room must have a user entry access and user validation. The access must be given to very few members who are deeply involved in research. This will help to preserve the information at least within the room. Also, only the genuine users have been given access to that room, which helps in tracking. In case if we find any problem or issue then we can catch hold of only those genuine members.
Try to block the emails that come in or go out with large attachments. It’s better to completely scan the machines and emails of the members thoroughly for every two days. Also keep track of the emails and machines of others, i.e., who is not a genuine member, but works for that company into other fields. So that in case of any doubts they will be caught in this scanning itself.
All the