Cyber Security: Are We Investing Enough In Our Supply Chains?

By Louis Garguilo, Chief Editor, Outsourced Pharma

Not to begin the year climbing a wall of worry, but consider this scaling dilemma within your supply chains:

• Technological progress leads to an increased risk of data breaches, cyber attacks, and external over-reliance. That is, the more tech-savvy and tech-based your biopharma operations and products become, the more cyber risks they expose.
• Nonetheless, the success of competitive drug development and manufacturing programs today often rely on advancing innovation and digital technologies.

So if the end of 2019 and beginning of this new year had you binge reading editorials describing the amazing digital-technology future coming our way, this editorial is for you.

Emerging Security

In fact, it appears more readers than not are as cautious of the new technologies as they are supportive.  

According to GlobalData, a leading data and analytics company, among the emerging technologies biopharma can select for investment, the first choice is cyber security.

This chart tells us that over 70% of pharma executives, with some level of responsibility for the implementation of new and emerging technologies, “prioritize data protection and storage solutions as their digital investment.”

Urte Jakimaviciute MSc, Senior Director of Market Research at GlobalData says, “Any cyberattack that leaks confidential information can affect not only revenues but also damage brand reputation, disrupt the supply chain, or result in litigating actions.

“The importance of cybersecurity to pharma can be emphasized by taking a well-known example of Merck. The cyberattack that hit the pharma giant in June 2017 led to a disruption of Merck’s global operations, including manufacturing, research and sales.”

As of December 2019, the 2017 attack has cost the company $1.3 billion, including lost sales, remediation, and replenishment of the cache valued at $240 million. The net insurance recovery was only around $45 million, prompting Merck to sue its insurers for damages.

Jakimaviciute sums up: “Cybersecurity, cloud computing, blockchain, and big data are correlated. Large data sets require the high level of security associated with data processing, transferring and storage. Even though the return on investment for the technologies such as cybersecurity may be hard to calculate as it rests on hypothetical situations, skipping out on it can become the biggest expense ever.”

So overall, how prepared does senior leadership at biopharma feel about their cyber security investments? This chart breaks out that sentiment.

But is this sentiment a true indication of real-world analysis for risk and readiness, or does it point to a bit of complacency? And what of the supply chain specifically?

Regarding that last question there’s a targeted concern: The CDMOs you use as your development and manufacturing partners.

CDMOs Not In The Digital Details?

To learn more, I spoke with Bonnie Bain, PhD, Global Head and Executive Vice President of Healthcare Operations and Strategy at GlobalData, just after her detailed presentation at CPhI Worldwide 2019 in Frankfurt, Germany, which was titled: “Digital disruption is knocking – is healthcare ready?”

Bain is a recognized analyst on topics such as AI and digital data agglomeration. But growing up in the Bahamas, she couldn’t have known that the farming and fishing her parents did would for her turn into a specialty including server farms and digital phishing.

Within a wide ranging conversation on biopharma’s use of AI, blockchain and the like, she told me this about studies such as the one leading this editorial:

CDMOs do a particularly poor job of responding to surveys.

And that itself can pose a security risk of sorts.

“These digital data opportunities and issues apply to the CDMOs as well,” says Bain.

“We see an overall decline in R&D productivity, and in return on investment, and a big part of that is the overall cost of getting that drug to market. From my perspective, there needs to be an overall transformation in the way drug development is actually approached. That’s not only from within the pharma company itself, but within its partners as well.

“The tools to increase productivity, such as AI, machine learning and robotic automation, they need to be adopted by the CDMOs as well. Both sides need to make the change.”

And that includes beefing up cyber security in elongating supply chains.

“Unfortunately,” Bain says, “although we include the external partners in our reach out, for many of the studies we only solicit the occasional respondent – CMOs or CDMOs tend not to opt in and complete the studies.”

Why the reluctance to respond?

“I've struggled to understand this myself,” replies Bain. “We do see some companies that are repeat respondents to the surveys. For example, if we're covering a topic like Brexit, we know there are certain companies that will participate every time.”

On the other hand, for topics such as digital transformation and emerging technologies, it's a challenge. “Fewer of them respond – the end value is not what it should be.”

“All these studies are extremely relevant, and it's a bit of a concern,” says Bain. She isn’t sure if CDMOs consider this more of an internal issue to pharma and less relevant to them,” says Bain, “but if they do, I believe they're going to struggle over the next couple of years.”

“The companies that are quick to adapt and make the changes will be those that secure the deals moving forward, and actually be the partner of choice for pharma.”

This leads me to a question I’ve asked often: Who pays for the upfront costs needed to migrate and upgrade to these new digital platforms and cyber technologies?

“I guess one way of looking at it is this will be an expensive upfront investment,” explains Bain. “But what will that ultimate return for the CDMO be if they can offer what their competitors aren't because those other companies have not made that investment?”

On the other side, of course, biopharma customers will reap major benefits. Not to mention improved peace of mind.

“You're going to recoup that investment,” says Bain. “Pharma companies won’t be quick to switch a CDMO if you already have a relationship with a partner that has these transformational technologies. Both the biopharma customer and the service provider should be golden for the next couple of years.”

However, both sides should spend their technology dollars wisely. The following chart, again from GlobalData, is a good place to wrap this discussion up.

Q: Within your organization, on which of the following business functions are you focusing your technology-related investments? (Respondents can select multiple options.)

Within the “manufacturing and operations” function, cybersecurity does well in garnering investment. Still, compared to the other functions running down the left-hand side of the chart, our specific category of interest is actually last in cybersecurity investment.

Let’s hope that for now that’s enough investment to keep you secure – at home and at your supply-chain partners.