The Life Sciences industry has undergone a massive transformation in the last two years. Decentralized clinical trials, new digital channels of engagement for healthcare professionals, patients and employees, remote monitoring of assets and automation – these are some of the many items that have moved to the top of the CIO agenda. While there is increased pressure to quickly adapt to a new way of working, the current enterprise architecture and IT environment create vulnerabilities to cyber-attacks.
Cyber-crimes are not alien to the Life Sciences industry. For 11 consecutive years, Healthcare and Life Sciences have topped the list of data breach costs. According to the IBM-Ponemon Institute 2021 Cost of a Data Breach Report, the average total cost of a data breach in 2021 was $4.24M. That’s up from $3.86M in 2020. The average cost of a data breach in the Healthcare industry in 2021 was $9.23M and in the Life Sciences industry in 2021 was $5.04M. Several high-profile attacks in the last decade targeted the Life Sciences industry: the Dragonfly attack in 2014 (which targeted manufacturing industrial control systems); the NotPetya attack in 2017 (which was linked to the Russia-Ukraine conflict and disrupted Merck’s vaccine production, resulting in damages in excess of $1B); the WannaCry attack in 2017 (which affected the healthcare systems in 150 countries); the Winnti attack in 2019 (which affected Roche and Bayer); and the security breach of the European Medical Agency in 2020.
Due to the value of health data and intellectual property, the impact on society and the highly profitable global Life Sciences business, organizations have always been lucrative targets for cyber criminals. Developments in the last three years have expanded the attack surface even further and increased the industry’s vulnerability to cyber-attacks.
The ISG white paper Cybersecurity in Life Sciences in the Time of War and Pandemic: 5 Ways to Mitigate Risk explores the impact of geopolitical events and technology advances on the Life Sciences industry and ways enterprises can mitigate cybersecurity risk.