Safeguarding the Life Science Sector Against Cyber Risk

By Travelers
Last updated 7 December 2023

As the COVID-19 pandemic made clear, the life sciences sector is a key pillar of modern economies. Its breakthroughs can demonstrate a nation’s strength and attract investment. In the wake of the pandemic in the UK, the government developed a Life Sciences Vision that set out an ambition to become a “science superpower” by 2030.[1] In mid-2023, it unveiled a £650 million package to support the UK’s life sciences sector and spur further development.

But as the sector becomes more valuable, it also becomes a more appealing target for crime. Life sciences companies, including medical technology, digital health and pharmaceutical firms, possess plans for potentially life-changing drugs and medical devices that could generate billions of pounds in revenue. Cyber criminals are eager to seize a piece of that. In 2023, the average cost of a breach in the pharmaceutical sector is £3.9 million. In the healthcare sector, it’s £8.8 million.[2]

While life sciences companies experience some of the costliest data breaches of any sector, the real threat of cyber-attacks against these companies is the loss of intellectual property (IP).[3] IP can represent up to 80% of a life sciences company’s value, so the theft of this asset can devastate an organisation, causing it to lose exclusive control over proprietary and confidential information, as well as its competitive advantage in the marketplace. Breaches of medical records can be expensive to remediate and may lead to regulatory fines, legal expenses, reputational damage and the loss of customer trust.

Protecting intellectual property

Unfortunately, life sciences companies can be vulnerable targets for these crimes. Deloitte research found that many organisations in the sector haven’t invested in cyber risk programmes that keep pace with their evolving development. Further, if cyber-related regulations haven’t forced a company to invest in stronger cybersecurity, it may lack the tools that empower it to detect and respond to attacks.[4]

There are risks beyond the walls of a life sciences company too. An organisation’s IP is often shared with others in ways that give cyber criminals an opportunity to capitalise on it. Companies in the sector must often exchange confidential information with partners across borders and via the cloud. While this may expedite research and development, it can also expose IP to theft.

The many links in a company’s supply chain further increase cyber vulnerability. If just one supplier lacks effective security controls, cyber criminals can infiltrate organisations along the chain. These security weaknesses represent low-hanging fruit for cyber criminals – an easier target is a more attractive one.

Plan for the inevitable

The odds of a cyber-attack are high and potential losses great, but insurers and brokers are in an important position to help life sciences clients understand their risks and proactively protect their interests.

It’s important to advise clients to take these steps:

  • Inventory network assets and identify the most critical. This process should be ongoing as assets evolve.
  • Isolate sensitive information from the data and tools employees use every day and store backup data offline.
  • Restrict access to the organisation’s most critical data.
  • Use protections such as multi-factor authentication and an endpoint detection and response solution.
  • Create a security-first culture. Suppliers, vendors and cloud providers should maintain, at a minimum, the same security standards as the business.
  • Actively scan the network for unauthorised activities, including systems that remote workers download to their devices that could compromise security.
  • Continually update patch management strategies.
  • Use a well-defined, customised framework of standards and practices to reduce cyber vulnerability and ensure ongoing compliance. Ensure employees understand their roles and have trained backups.
  • Build medical devices with cybersecurity in mind from the earliest stages of design through production.
  • Train employees to recognise social engineering tactics, such as phishing emails and malicious links.

Cyber insurance as a safety net

Even the most rigorous security measures can’t prevent cybercrime. But cyber insurance can soften the impact of an attack by helping to cover the costs and legal claims resulting from a breach. Importantly, it also provides expert support to organisations in the wake of a cyber-attack, when anxiety can run high and it’s critical to be able to act quickly and effectively to contain damage.

Travelers’ Technology and Medical Technology Cyber insurance offers broad, flexible coverage options to help protect clients in the life sciences sector from damages associated with an incident, including cyber extortion, data restoration, breach notification, business interruption, and reputational harm.[5] Policyholders can also access services to mitigate the effects of cyber risk before and during an incident – so the organisation can make itself a more difficult and less appealing target for theft. If a breach does occur, they have the benefit of expert support that can help set them back on track as quickly as possible.

The information provided in this document is for general information purposes only. It does not constitute legal or professional advice nor a recommendation to any individual or business of any product or service. Insurance coverage is governed by the actual terms and conditions of insurance as set out in the policy documentation and not by any of the information in this document.

Sources

[1] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1013597/life-sciences-vision-2021.pdf
[2] https://www.ibm.com/reports/data-breach
[3] https://www2.deloitte.com/content/dam/Deloitte/us/Documents/finance/us-advisory-intellectual-property-theft-prevention-in-life-sciences.pdf
[4] https://www2.deloitte.com/us/en/pages/advisory/articles/life-sciences-information-security-intellectual-property.html
[5] https://asset.trvstatic.com/download/assets/TRV4084-technology-medtech-cyber-coverages-factsheet.pdf/844f9e9c1d5111efacd8220b0e056b7d
