The Must-Dos of Cyber Security in Biotech

The Danforth Digest: Quick takes on running the business of life sciences

Biotech companies of all sizes today require a means of guarding against cyber security breaches. Risks in this industry include exposure related to intellectual property and the storage of patient and personal data. 

View a conversation between Gregg Beloff, Co-Founder and Managing Director; and Ed Downey, Head of Enterprise Risk Management; on the topics of cyber risk, cyber insurance, and key security measures to implement.

Gregg Beloff: Let’s start by discussing common cyber risks that companies should be aware of. 

Ed Downey: Cyber risks can vary widely, but in the biotech sector, we’ve seen a range of threats. These include phishing attacks where hackers impersonate high-level executives to manipulate employees into making financial transactions. There are also instances of hackers infiltrating manufacturing protocols to compromise the quality of pharmaceuticals. Cyberattacks can even extend to cargo providers, leading to hijackings or diversions of shipments. And of course, there’s the ever-present threat of ransomware, where hackers demand payment to either keep systems shut down or release sensitive information. Biotech companies handling clinical trials with patient data face hefty fines and penalties if compromised, especially in countries like Germany.

Gregg Beloff: Given these risks, at what stage should companies consider cyber insurance? Is it a must for startups, or is it more relevant for mature companies?

Ed Downey: Cyber insurance is a must for all companies, regardless of their stage of development. Cyberattacks are opportunistic and can strike at any time. The increasing prevalence of remote work makes it even more critical to protect sensitive information. Companies should invest in cyber insurance from day one, especially given the evolving regulatory landscape. Small companies will soon be required to report cyber incidents to the SEC within four days. Boards, management teams, and individuals must be proactive in addressing these risks.

Gregg Beloff: You mentioned the importance of boards and management teams. What role should they play in cyber risk management?

Ed Downey: Boards and management teams must be strategic in their approach to cyber risk management. It’s not just about buying the cheapest cyber policy available; it’s about choosing one with valuable services. Some policies include concierge services with attorneys and forensic accountants who can take swift action in the event of a cyber incident. Additionally, they need to be aware of upcoming regulatory changes and ensure their company has a plan for reporting cyber incidents promptly. Cybersecurity education for staff is equally critical, as employees are often the first line of defense.

Gregg Beloff: What are some key security measures that companies should assess and implement to protect against cyber threats?

Ed Downey: There are several key security measures that companies should consider. First and foremost, password security is crucial. Passwords should be long, complex, and not shared. Regularly changing passwords is a simple yet effective practice. Multi-factor authentication adds an extra layer of security. VPN services are vital for secure remote work, ensuring that connections are not open to potential threats. Lastly, employees should avoid working remotely in public areas without a VPN connection to prevent unauthorized access. It’s worth noting that cybersecurity extends beyond devices to include the protection of physical documents, as sensitive data can be exposed through improper disposal.

The world of cyber security is constantly evolving, and biotech companies must be prepared to face a wide range of threats. Cyber insurance, along with proactive security measures and a well-informed management team and board, can make a significant difference in mitigating these risks. As technology advances, staying one step ahead of cyber threats is essential for the continued success and security of biotech companies.