Medical device, pharma execs say hackers are targeting their companies
Nation states and activist hackers promoting a cause are believed to be the biggest threats to cybersecurity, according to a recent survey of 100 senior executives at medical device and pharmaceutical firms.
The survey, conducted by KPMG, found that 69 percent of respondents said attacks most frequently seek financial information. Another 63 percent of respondents said hackers are trying to pry out information on clinical research.
“Some nations desperately want intellectual property to support local life sciences organizations, without incurring (research and development) costs and challenges,” says David Remick, a life sciences specialist and partner at KPMG.
Respondents said several key security gaps exist that make them vulnerable, and work is continuing on trying to close those gaps. For example, medical device manufacturers say they’re seeking better cybersecurity technologies and a more comprehensive strategy on data collection and protection.
By contrast, respondents from pharmaceutical companies see stronger security processes as the biggest need, followed by improved security tools.
However, adding security staffing was a priority for only nine percent of respondents, which Remick sees as short-sighted. “Many organizations prioritize technology solutions over improving processes and training staff,” he says. “This is a grave mistake.”
Further, life sciences companies engage patients through web portals and apps that help the patients better manage their conditions, but those approaches increase security risks, says Michael Ebert, a partner at KPMG.
At the same time, two-thirds of respondents say they are feeling more secure despite continuing breaches, and 40 percent acknowledge their overseas security protocols are not as strong as those used in the United States. One third of the executives reported their organization don’t allocate sufficient security resources internationally.
The survey was conducted in February among firms with revenue of more than $500 million. One-half of the executives were solely responsible for cyber security, and only 36 percent of those were in their positions more than two years.