To help combat cyber-threats across the life sciences industry, medical device makers are prioritising better cyber-security technology and improved governance and policies, according to the 2017 Cyber Healthcare & Life Sciences Survey by US audit firm KPMG.
The survey looks at a range of areas that are related to cyber-security risks and what companies are doing to protect data and information.
Over half (57%) of the organisations surveyed in the report feel more secure about their data security than they have in the past, despite recent high-profile data breaches. 12% of companies felt less secure about their data security, and cloud computing was seen as both improving data security and increasing the risk of breaches.
The survey highlights the increasing need for manufacturers to develop medical devices with cyber-security and data privacy concerns in mind from the beginning of the design phase.
The survey also revealed that most life sciences companies are not ready to meet the new data privacy commitments set out in the EU’s General Data Protection Regulation (GDPR). The GDPR, which goes into effect in May 2018, will be able to impose fines of up to 4% on companies that compromise personal data.
The information most often shared between organisations is clinical research (77%), followed by contract manufacturing (51%) and marketing (45%). The most vulnerable data is financial information (82%), followed by intellectual property (79%) and clinical research (49%). 41% of respondents also believe patient information to be vulnerable.
Nation states are the biggest threat (53%) to data-security, followed by individual hackers and those with political or social affiliations.
Liam Walsh, principal and healthcare & life sciences line of business leader, KPMG Advisory, said: “The value of digital assets across life sciences is skyrocketing—as are the risks and costs of regulatory non-compliance, reputational damage, and related cyber and privacy breaches. The challenge is to develop an accurate assessment of an organisation’s true risk profile and then consciously weigh its genuine risk tolerance against the existing cyber-security investment. I believe many will find that their investments are falling far short.”