Sixty-four percent of Life Sciences executives reported that it currently takes “months to a year” to identify a breach.5 Putting in place controls and performance thresholds to monitor systems is critical to mitigating impacts and improving response and recovery. For example, a biopharmaceutical company recently analyzed key business threats and translated them into a library of 80+ metrics that, in aggregate, enable visualization of whether its security program is meeting targets. This view helps both security and non-security executives keep a pulse on cyber performance.
Finally, ensuring all employees are well-trained on data protection and security helps to limit the entry points for cybercrime and improves detection. This is not a once-a-year exercise. Life Sciences companies have engaged in ‘advanced adversary simulations’ and hackathons to probe for vulnerabilities and test their organizations’ ability to detect and respond.
The Life Sciences industry has experienced digital disruption across the value chain, with technology solutions being integrated into all areas of business, thus increasing the volume of data and the inherent risk of cyberattack. For example, connected devices and other Internet of Things (IoT) solutions can require integration between Life Sciences companies’ and Healthcare Systems’ electronic medical record (EMR) platforms. This connectivity provides more gateways for malicious or unauthorized third parties to gain access to biometric data directly linked to medical records. These integrations also make a rapid response more complex when a data breach occurs.
Cybersecurity agreements should be in place with any third parties to support a coordinated response. Inefficient internal and external processes can make it difficult to stop the spread of attacks, so integrated communication across impacted business areas as well as any impacted third parties is key to enabling emergency measures.
Only 32 percent of Life Sciences executives feel that they can accurately measure the impact of a security breach.5 The definition of baseline metrics (e.g. number of exposed records) enables organizations to measure their response and certify recovery to both internal and external stakeholders. Following an attack, organizations should conduct an assessment of the attack and patch or repair vulnerabilities as required, so that they learn from each event. Each incident of a data-related threat should inform future response tactics, driving continuous improvement of data security.
A well-defined resilience plan will enable Life Sciences organizations to effectively respond to a data breach. Preparation and planning driven out of the C-Suite allows the business to structure an efficient and positive response that ultimately reinforces customer and shareholder trust. Demonstrating deliberate response and rapid recovery can foster rather than destroy market confidence. As the threat of disruption increases with data becoming increasingly fundamental across Life Sciences organizations, resilience emerges as not only a necessary response tactic, but as a strategy to sustain and drive future growth.
1 Accenture Cost of Cyber Crime, 2017
2 Accenture Security Index, 2017
3 CNBC, ‘Global investors lose billions to cyber attacks’
4 Ponemon Institute, Cost of Data Breach Study
5 Accenture High Performance Security Report, 2016