The science of security
June 24, 2019
RESEARCH REPORT
In brief
In brief
- Accenture Security conducted a State of Cyber Resilience survey featuring 4,600 executives, 200 of which were in the Life Sciences industry.
- 98 percent of respondents were the sole or key decision-makers in cybersecurity strategy and spending for their organization.
- Eleven different countries participated—Australia, Brazil, Canada, France, Germany, Ireland, Japan, Netherlands, Norway, UK, US.
Security health
Increasingly, the success of life sciences companies is about their focus on delivering value through better patient outcomes. But while this shift creates infinite new possibilities to reinvent the patient experience and redefine the future of healthcare, it also exposes life sciences organizations to new security risks.
As fast as life sciences organizations shore up their defenses, new cyberattacks are evolving—with the potential to severely disrupt existing research and development, sales and manufacturing operations.
With dozens of companies hit by ransomware in recent years, and the average cost of cybercrime for an organization increasing 11 percent in 2018 over 2017, life sciences organizations have yet to achieve cyber resilience.
Accenture conducted security research to understand how organizations, including those in the life sciences industry, can achieve cyber resilience. Here is what we found:
8 in 10
Life sciences executives are confident about their cybersecurity capabilities; yet out of 33 cybersecurity capabilities, life sciences is high-performing in just 21.
74%
of life sciences executives said that “cyberattacks are a bit of a black box, we do not quite know how or when they will affect our organization.”
87%
of life sciences executives agree that, to be truly resilient, organizations must rethink their approach to security in a way that defends not just themselves, but their ecosystems.
As key life sciences players have shown, cybersecurity is a priority—and the time to act is now.
Security is not a one-time event
Security breaches can affect life sciences organizations' profits, sales and even reputation—whether incurring data loss that results in regulatory fines, halting production or negatively impacting brand or trust.
As the rate of M&A activity continues to rise in the industry, each announcement brings with it a new security complication. For an industry wedded to its legacy systems, defending them is expensive.
Being able to prepare and recover effectively from security vulnerabilities is essential. Three areas are important for life sciences companies that want to achieve cyber resilience:
Drive business-enabled security
The CISO’s role is evolving. CISOs need to become the universal translator for cybersecurity—someone who is business-minded as well as tech-savvy.
Protect beyond your four walls
Life sciences CISOs need to build new capabilities and operating models—acting as a business partner enabling growth, rather than a cost center.
Be brilliant at—and evolve—the basics
CISOs must identify and harden high-value assets, prioritize legacy applications and transform incident response plan into crisis management plan.
View All
Security first
No matter the number of manufacturing facilities or whether a sound cybersecurity strategy has been embedded into a company’s culture, the risk of an attack to patient and product data is looming. While life sciences executives know that they can rely on regulation to help guide how they operate, it cannot ease the complexities from these new threats. As key life sciences players have shown, cybersecurity is a priority—and the time to act is now.
The time to act is now
Five actions life sciences CISOs can take to achieve cyber resilience.
VIEW FULL REPORTAbout the Authors
Subscription Center
Stay in the know with our newsletter
Stay in the know with our newsletter