Big Pharma. Big Challenges.

The Pharmaceutical industry today is faced with a complex set of challenges. On one hand, it is forced to spend more and more on R&D to meet market demands. The sector spends more on research than any other industry. In fact, five of the world’s ten largest R&D budgets belong to Pharmaceutical companies.

However, costs are also on the rise. For example, the estimated cost of bringing a new chemical or biological product to market has more than tripled – from $451 million to $1.5 billion – in the past ten years. Faced with risks such as pricing pressures, higher litigation exposure, a complex regulatory environment, and generic competition – the industry is on the defensive.

And it is starting to show. The Pharma industry performed poorly relative to other industries in the last decade. Loss-making business functions are either being sold off, outsourced, or shut down completely. Always wary of tumbling down the patent cliff, the industry lost an astonishing $120 billion worth of patent protection in the past four years alone.

Facing a Faceless Threat

With so much money being spent on R&D in a world of increasing costs, it becomes critical for Pharma companies to ensure the security and safety of their IP. In fact, the Pharmaceutical sector is faced with security risks far greater than those faced by other industries. The increased security risk is due in part to the value associated with Intellectual Property (IP) – which forms the backbone of the Pharma sector’s entire business.

In the US alone, IP theft is estimated to cause losses of $300 billion a year, while global spending on IT security is expected to reach a measly $71.1 billion in 2014. Clearly, something’s not right.

Where and Why Your Security is Failing

In today’s flat and hyper-connected world, the security tools that you use to secure your environment aren’t enough. Your confidential information – that your business is built upon – is being accessed by multiple parties in multiple ways at multiple locations. A few key security risks facing the sector are:

  • The large number of licensing deals and collaborations with third parties
  • Increased outsourcing of manufacturing and clinical trials
  • The large number of technologies and platforms available today for information exchange, from mobile devices to cloud-based file-sharing services.

Product Dossiers sent to the Quality department; raw data and spreadsheets sent to a CRO (Contract Research Organization); drug marketing plans sent to a subsidiary in another country; patent applications lying in open network shares after being submitted and many others are all low hanging fruit for malicious (or just plain careless) employees, hackers, and competitors.

Consider the following ‘accidents’ that could be occurring to your data at this very moment:

  • An auditor in Europe loses his laptop that contained your Product Dossier
  • An employee leaves you for a competitor, and takes your Intellectual Property with him
  • Your IT administrator accesses the file server where your drug research and trial data is stored, and starts getting some ideas
  • Your Manufacturing team shares your R&D guidelines with a vendor, and the vendor’s network suffers a data breach
  • Your drug research is inadvertently leaked by scientists with whom you are collaborating

In today’s world of cut-throat competition and the next lawsuit looming just around the corner – pharmaceutical companies cannot afford a single slipup in securing IP and other critical information. However, the traditional security measures that your IT department has put in place cannot control your vendors’ or auditors’ computers. They cannot prevent your IP from being shared after you send it outside your network. The reality of most security tools available today – Firewalls, DLP systems, UTM, Disk Encryption, and so on – is that they only work for information that resides within your environment. You need something that secures your information regardless of where it goes and how it is accessed.

For the rest of the series, we’ll talk about how information-centric Information Rights Management (IRM) technology can help you successfully cover the risk of sending confidential data to third parties.

References:

  • Growing the pipeline, growing the bottom line, KPMG 2014.  
  • Future Pharma, KPMG 2011.
  • An Overview of Risk and Disclosure in the Global Pharmaceutical and Life Sciences Industry, KPMG 2012.
  • KBuzz Sector Insights. Issue 8 – August 2011. KPMG 2011.
  • The Report of the Commission on the Theft of American Intellectual Property, Commission on the Theft of American Intellectual Property 2013.
  • Gartner Newsroom