Sponsored: Craig Mounser, practice leader for medical technology and life science at Travelers, explores how the sector’s cyber vulnerabilities can be guarded against
Life sciences companies – including medical technology, digital health and pharmaceutical firms – hold vast amounts of data.
This information is highly valuable not only to patients but also to cyber criminals. This year, the average cost of a cyber breach in the pharmaceutical sector was £3.9m. In the healthcare sector, it was £8.8m.
While these sectors experience some of the costliest data breaches of any industry, the real threat of cyber attacks against life sciences companies is the loss of intellectual property (IP).
The theft of IP can devastate these organisations, causing them to lose exclusive control over proprietary and confidential information, as well as their competitive advantage in the marketplace.
Breaches of medical records can be expensive to remediate and may lead to regulatory fines, reputational damage and loss of customer trust.
An appealing target
Life sciences companies are vulnerable to attack because they possess plans for potentially life-changing drugs and medical devices that could generate billions of pounds in revenue.
Furthermore, their IP is often shared in ways that give cyber criminals an opportunity to capitalise on it. Firms must often exchange confidential information with partners across borders and via the cloud. While this may expedite research and development, it can also expose IP to theft.
The many links in a company’s supply chain increase cyber vulnerability. If just one supplier lacks effective security controls, cyber criminals can infiltrate organisations along the chain.
Plan for the inevitable
The odds of a cyber attack are high and potential losses great, but brokers are in an important position to help life sciences clients understand their risks and proactively protect their interests.
Advise your clients to take these steps:
- Inventory network assets and identify the most critical
- Isolate sensitive information from the data and tools employees use every day and store backup data offline
- Restrict access to the organisation’s most critical data
- Use protections such as multifactor authentication and an endpoint detection and response solution
- Create a security-first culture. Suppliers, vendors and cloud providers should maintain, at a minimum, the same security standards as the business.
- Actively scan the network for unauthorised activities, including systems that remote workers download to their devices that could compromise security
- Continually update patch management strategies
- Use a well-defined, customised framework of standards and practices to reduce cyber vulnerability and ensure ongoing compliance. Ensure employees understand their roles and have trained backups
- Build medical devices with cybersecurity in mind from the earliest stages of design through production
- Train employees to recognise social engineering tactics, such as phishing emails and malicious links
A safety net
Even the most rigorous security measures can’t prevent cybercrime. But cyber insurance can soften the impact of an attack by helping to cover the costs and legal claims resulting from a breach.
Travelers’ technology and medical technology cyber insurance offers broad, flexible coverage options to help protect clients in the life sciences sector from damages associated with an incident, including cyber extortion, data restoration, breach notification, business interruption and reputational harm.
Policyholders can also access services to mitigate the effects of cyber risk before, during and after an incident.