Report suggests biopharma wise to outsource cybersecurity

The rise of cybersecurity threats gives biopharma and other industries a new and unfamiliar problem that they are ill-equipped to handle alone. In response, an increasing number of biopharma companies are outsourcing cybersecurity activities, a strategy that has been vindicated by a new report.

Edward Ferrara, principal analyst of security and risk at Forrester Research, noted the trend for biopharma businesses to work with managed security service providers in an interview with The Wall Street Journal. Heavy hitters of the tech world--including Dell, Symantec, AT&T and IBM--are competing to monitor and manage biopharma companies' intrusion detection systems and firewalls. Service providers can also look out for malicious hacks and denial-of-service attempts.

Ellen Richey, chief enterprise risk officer at Visa, estimates that 75% of security breaches result from these basic attacks, so there is real value in paying for protection. "There's a lot to be said from an economic view in controlling this risk by doing basic blocking and tackling that's absolutely not being done in many places today," Richey said at the EastWest Institute's Cybersecurity Summit earlier this month. Financial services companies, along with biopharma, are among the most active outsourcers of cybersecurity.

The policy appears to be paying off. A report by BitSight Technologies, a business that ranks companies' security effectiveness, found that the financial services industry detects and responds to cyber incidents faster than the technology, retail and energy sectors. Ferrara thinks the finance sector's outsourcing of security--a strategy it shares with biopharma--enabled it to respond quickly. Vendors can help achieve these times as they monitor cybersecurity risks on a large scale and have access to the sector's top talent, Ferrara said.

- here's the WSJ article (sub. req.)
- view the BitSight report (PDF)