Code42 Software, Inc., the Insider Risk Management (IRM) leader, today released its 2023 Annual Data Exposure Report (DER): Life Sciences Sector. The study, conducted by independent enterprise technology market research expert Vanson Bourne, found that Life Sciences companies, including medical device manufacturers, biotech and pharmaceutical companies, are experiencing increasing rates of insider-driven data loss events. Faced with this growing threat, Life Sciences leaders are prioritizing modern data loss prevention strategies, which are proving effective.
Though data loss from insiders, or Insider Risk, is pervasive across all industries, it is uniquely damaging for companies in the Life Sciences sector. These companies handle a wealth of sensitive information, such as patient data, product designs, formulations, trial results, and manufacturing details. Protecting sensitive data from unauthorized access is vital to maintain a competitive edge and ensure uninterrupted business operations. Failing to do so results in expensive litigation processes, reputational damage, and most importantly, lost business opportunities.
In one recent example, biotech firm FibroGen filed a lawsuit against two former employees who allegedly used proprietary information to kickstart their own biotech company. The rival company founded by FibroGen’s ex-employees, Kind, initiated clinical trials for their biotech compound just six years after establishment – a remarkable accomplishment that FibroGen claims would have been impossible without the alleged theft of their company’s intellectual property. This case is a poignant reminder of the immense potential for Insider Risk to disrupt business operations, limit growth opportunities, and negatively impact the bottom line. Life Sciences companies that want to preserve customer confidence, protect valuable intellectual property and maintain their competitive edge, must address the growing issue of data loss from insiders.
Despite suffering fewer insider-driven events than other industries, data loss incidents are on the rise
Compared to other industries, there are fewer recorded insider incidents in the Life Sciences sector. Businesses in this sector suffer an average of 20 incidents per month, lower than other industries such as business and professional services (38 events per month) and energy, oil, and gas (28 events per month).
However, nearly 70% of Life Sciences respondents have seen an increase in data loss incidents caused by insiders over the past year, and they expect to see even more incidents in the coming 12 months.
Life sciences leaders are prioritizing IRM
CISOs of the Life Sciences industry comprehend the pressing nature of this issue, with nearly 4 out of 5 (78%) stating that they have a program dedicated to Insider Risk or threats.
The study also found:
- About half (48%) of respondents say that the leadership team places enough attention on data loss from insiders.
- Of the 22% of respondents that do not have a program dedicated to Insider Risk, 80% say that their company plans to implement a program in the next 12 months.
- 69% of respondents expect their company’s budget for IRM to increase over the next year.
Data loss from insiders ranked as a top challenge
Survey respondents for the DER ranked insider-driven data loss as one of the most difficult types of threat to detect within their environment, almost equal to malware and ransomware.
In ranking the data security challenges they are most concerned about when protecting against data loss from insiders, Life Sciences respondents identified the following:
- Corporate espionage
- Visibility of data in cloud apps
- Password-related risks
Security awareness needs improvement despite frequent employee training
Although 60% of Life Science companies conduct data security training on a routine basis (weekly or monthly), most survey respondents (86%) feel that improvements are needed in data security training at their company.
Life Sciences leaders know the critical importance of protecting their sensitive information and are taking steps to protect it. While they may be experiencing relatively fewer data loss incidents compared to other industries, they still carry a significant level of risk – experiencing nearly one insider-driven data loss incident per day. Companies must implement a comprehensive and holistic solution to address the multifaceted challenge of Insider Risk and mitigate insider-driven data loss effectively.
Additional Resources
- Read the 2023 Annual Data Exposure Report and the Life Sciences edition.
- Find our how Incydr solves for Insider Risk in the Life Sciences.
- Visit the Incydr data protection product page.
- Join the conversation with Code42 on our blog, LinkedIn, Twitter, and YouTube.
- Stop by our booth #2340 at Black Hat 2023.