Recently, security breaches have been reported at several contract research and diagnostic testing organizations. To mitigate risk and ensure regulatory compliance, pharma and biotech sponsors must shift to a multipronged approach to cyber security. Given the large investment in digital health and digital innovation, stakeholders from sponsors, CROs, and investigators must collaborate to secure the vast quantities of data produced by drug discovery and development programs.
Not only the R&D organizations should maintain their own IT infrastructure, but they must ensure that their outsourced R&D service providers demonstrate a commitment to data security. This responsibility has traditionally been held by a company’s IT leaders, and now must be shared by scientific leadership, operations, legal and finance teams.
Five factors drive the shift to shared responsibility for mitigating risk:
● Distributed R&D. R&D studies are carried out across geographies, across multiple providers, and by subcontractors.
● Large shared data sets. Data can be stored, processed, and transmitted via multiple cloud-based platforms.
● Heightened public awareness. Companies are required to make public data disclosure events; however, there is increased awareness of other types of cyberattacks, such as ransomware, phishing, and intellectual property theft.
● High dollar amounts of losses caused by unusually sophisticated and destructive cyberattacks. The Not Petya attack of 2018, affecting at least one large pharma company, cost businesses over $10 billion.
● Increased oversight. The United States legislature now requires that companies who have undergone data breaches disclose which third-party providers they use and what security measures are in place. As of May 2019, 91 companies have been fined for noncompliance with Europe’s GDPR data privacy regulation, which took effect in May 2018.
Barriers of visibility into outsourced R&D
Stakeholders agree that more visibility is needed. However, managing external R&D projects have traditionally lacked clear audit trails, a centralized location for information, and integration with organizations’ internal systems.
In one survey of R&D leaders, 78 percent of respondents felt at least somewhat challenged to confirm a provider’s commitment to data security and privacy. Besides, 79 percent surveyed said they were concerned about protecting IP when working with external R&D providers.
Technology platforms mitigate risk
Given that outsourced spend accounts for a rapidly growing share of R&D budgets, most major pharma’s and bio techs of all sizes now use R&D services marketplaces, recognizing that failing to do so would put them at a competitive disadvantage. Marketplace platforms help organizations assess provider quality, maintain audit trails, centralize data storage, and ensure security and privacy compliance.
With several online R&D marketplaces now supporting various aspects of life science research, drug discovery and development companies have a path forward to conduct networked R&D, with transparency and security, at scale.