17 February 2025

Cyber control: vital for the biotech industry


Third-Party Cyber Security (TPCS) provides a tailored portfolio of cyber services crafted specifically to meet the needs of start-ups and growing businesses in the bioindustry. In this spotlight, Kenny Boyce, Chief Executive Officer of TPCS, outlines the need for protecting intellectual property.


Why is cyber control more vital to the biotech industry than other organisations?

All organisations are subject to information and cyber security threats, changes in legal and regulatory obligations as well as new and existing audit requirements. As challenging as it is to be able to demonstrate compliance with the myriad security regulations in play across the globe, experiencing a data breach brings with it quite another grade of pain and discomfort. Exactly how much harm is done to an organisation that’s been hit depends very much on how much data has been compromised, how sensitive that data is and how avoidable the breach is ultimately found to have been.

Lost a list of customer contact or payment information? Definitely not great. The necessity to report the breach to regulatory authorities and then engage with customers to let them know what’s happened is going to be a costly and embarrassing problem. The loss of customer confidence and wider reputational impacts could well be still more far-reaching. But, for a retail or finance sector entity, would all the customers be motivated to withdraw their custom at once? Of course, that would depend on how much they value those services, whether the firm can compensate them in some way for the uninvited exposure as well as any associated personal losses and whether those customers can be persuaded that you’ve fixed the problem that gave rise to the breach in the first place. A difficult experience, for sure, but one that with the right management – in some, perhaps most, sectors – can usually be overcome.

Why biotech faces greater cybersecurity risks 

The biotech industry is rather different. The data the biotech industry generates, consumes and shares is very often not only extremely sensitive (expensive to create, the product of some of the finest minds and technically focused facilities on the earth, in some cases connectable to the very fabric of humanity), it’s also impossible to de-sensitise once lost to an attacker. Attacks on the bioindustry are moreover far more likely than attacks on a more standard commercial organisation to be orchestrated by a highly proficient organised crime group or indeed a Nation State. Attacks can and do happen, of course, to anyone who owns a PC, let alone a business. But consider the context. How much greater could the potential reward be for an attacker gaining access to the kinds of data being handled by the biotech industry? Enough, we think, to amplify the attacker's motivation and, in turn, the investment applied to a targeted attack by substantial degrees.

The view from industry leaders

In speaking to our clients and well-informed experts across all sectors, we’ve yet to find anyone at C-level who sees the vulnerability of the biotech industry any differently. And for those fledgling biotech companies just starting their journey, the risk could not be any higher.

TPCS advises that firms in the biotech industry take the proactive route. We recommend gauging your current cyber maturity, then considering and acting upon the simple (and maybe not so simple) recommendations likely to come out of a cyber review. We think that by doing so, firms in the sector will reduce the cyber risk to business viability to a sustainable level. It also allows you to understand the implications of operating as you do now and to take steps to knit the financial implications of any necessary mitigating steps into your forecasts.

In the worst-case scenario, understanding your risk will enable you to consider whether action is needed or not.

Best case, you can:

  • Use the evidence collected from the assessment and the accompanying remediation roadmap as part of the pitch to your investors, showing them you’re alive to the risk and taking the appropriate steps to address it.
  • Identify any clear and present dangers – the practices that expose you to a very great degree.
  • Not experience a security breach.

We think the case is pretty compelling and hope very much that it’s enough to get you interested. If you do think the proposition merits further investigation, it would be great to hear from you. Contact: [email protected]