Cyber Risk in the Life Sciences Industry

The life sciences industry is particularly vulnerable to cybercrime, given the pervasiveness of the electronic storage of high-value assets such as intellectual property and personal health information. Research by the Ponemon Institute reveals a 125 percent increase in cyber-attacks over the last five years, and experts predict that it is only a matter of time before a large-scale attack occurs.

Improving Cybersecurity in Your Life Sciences Organization

Recognizing the importance of cybersecurity in protecting against crime, the U.S. National Institute of Standards & Technology released a voluntary Cybersecurity Framework in February 2014 to provide guidance on effective risk management. Following is an outline of the Framework’s five core functions:

1. Identify cyber risks

Identifying risks to your organization involves cataloging your assets and determining how they could be affected by a cyber-attack. For many life sciences organizations, loss of confidential corporate information is the most prominent cyberthreat. Data breaches are also an issue of particular concern to organizations that handle personal health information and must comply with HIPAA and HITECH regulations.

2. Protect against threats

Protecting against cyberthreats requires a multi-layered approach to security across your organization. Simple steps such as controlling access to and encrypting valuable and vulnerable information, providing security awareness training to employees, critically reviewing third-party vendors and transferring cyber risk to insurers can decrease your likelihood of becoming a victim.

3. Detect breaches

Continuous monitoring offers a coherent view of cyber-activity across your organization and deters counter-productive behavior. It also helps address threats posed by insiders who may perpetrate or facilitate cyber-attacks.

4. Respond to incidents

Cyber risks can never be entirely eliminated; some must be accepted and planned for. Advanced incident-response planning can help you respond to cyber-attacks in a way that limits damage and reduces recovery costs.

5. Recover capabilities

Research by the Ponemon Institute also shows that the average cost of a data breach to an individual life sciences organization is more than $2.1 million. The majority of these costs are associated with reputational loss, compliance fines, forensic investigations, and identity monitoring and protection. Implementing a disaster recovery plan that allows you to maintain or quickly resume your operational capabilities can help reduce your costs should a cyber-attack occur.

Cybercrime is one of the most significant risks your organization faces. Taking a proactive approach to cybersecurity will not only help protect against these risks, but also potentially ensure your regulatory and legal standing should compliance with the Cybersecurity Framework become mandatory in the future.