Introduction
Safeguarding sensitive data from unauthorized access
Though data loss from insiders, or insider risk, is pervasive across all industries, it is uniquely damaging for companies in the life sciences sector. These companies handle a wealth of sensitive information, such as patient data, product designs, formulations, trial results, and manufacturing details.
Safeguarding sensitive data from unauthorized access is vital to maintain a competitive edge and ensure uninterrupted business operations. Failing to do so results in expensive litigation processes, reputational damage, and most importantly, lost business opportunities.
In one recent example, biotech firm FibroGen filed a lawsuit against two former employees who allegedly used proprietary information to kickstart their own biotech company. The rival company founded by FibroGen’s ex-employees, Kind, initiated clinical trials for their biotech compound just six years after establishment – a remarkable accomplishment that FibroGen claims would have been impossible without the alleged theft of their company’s intellectual property.
This case is a poignant reminder of the immense potential for insider risk to disrupt business operations, limit growth opportunities, and negatively impact the bottom line. Life sciences companies that want to preserve customer confidence, protect valuable intellectual property and maintain their competitive edge, must address the growing issue of data loss from insiders.
Data loss incidents are on the rise
Compared to other industries, there are fewer recorded insider incidents in the life sciences sector. Businesses in this sector suffer an average of 20 incidents per month, lower than other industries such as business and professional services (38 events per month) and energy, oil, and gas (28 events per month).
However, nearly 70% of life sciences respondents have seen an increase in data loss incidents caused by insiders over the past year, and they expect to see even more incidents in the coming 12 months.
CISOs of the life sciences industry comprehend the pressing nature of this issue, with 78% stating that they have a program dedicated to insider risk or threats.
48% of respondents say that the leadership team places enough attention on data loss from insiders. Of the 22% of respondents that do not have a program dedicated to insider risk, 80% say that their company plans to implement a program in the next 12 months. 69% of respondents expect their company’s budget for insider risk management to increase over the next year.
Data security challenges
Survey respondents ranked insider-driven data loss as one of the most difficult types of threat to detect within their environment, almost equal to malware and ransomware.
In ranking the data security challenges they are most concerned about when protecting against data loss from insiders, life sciences respondents identified the following:
- Corporate espionage
- Visibility of data in cloud apps
- Password-related risks
- Security awareness needs improvement despite frequent employee training
Although 60% of Life Science companies conduct data security training on a routine basis (weekly or monthly), most survey respondents (86%) feel that improvements are needed in data security training at their company.
Life sciences leaders know the critical importance of protecting their sensitive information and are taking steps to protect it. While they may be experiencing relatively fewer data loss incidents compared to other industries, they still carry a significant level of risk – experiencing nearly one insider-driven data loss incident per day.
Companies must implement a comprehensive and holistic solution to address the multifaceted challenge of insider risk and mitigate insider-driven data loss effectively.