2023 Data Exposure Report: Life Sciences Sector Prioritizes Insider Risk Management Amid Increasing Data Loss Incidents

70% of Life Sciences respondents have seen an increase in data loss incidents caused by insiders over the past year, signaling data security improvements are necessary

MINNEAPOLIS--()--Code42 Software, Inc., the Insider Risk Management (IRM) leader, today released its 2023 Annual Data Exposure Report (DER): Life Sciences Sector. The study, conducted by independent enterprise technology market research expert Vanson Bourne, found that Life Sciences companies, including medical device manufacturers, biotech and pharmaceutical companies, are experiencing increasing rates of insider-driven data loss events. Faced with this growing threat, Life Sciences leaders are prioritizing modern data loss prevention strategies, which are proving effective.

Though data loss from insiders, or Insider Risk, is pervasive across all industries, it is uniquely damaging for companies in the Life Sciences sector. These companies handle a wealth of sensitive information, such as patient data, product designs, formulations, trial results, and manufacturing details. Safeguarding sensitive data from unauthorized access is vital to maintain a competitive edge and ensure uninterrupted business operations. Failing to do so results in expensive litigation processes, reputational damage, and most importantly, lost business opportunities.

In one recent example, biotech firm FibroGen filed a lawsuit against two former employees who allegedly used proprietary information to kickstart their own biotech company. The rival company founded by FibroGen’s ex-employees, Kind, initiated clinical trials for their biotech compound just six years after establishment – a remarkable accomplishment that FibroGen claims would have been impossible without the alleged theft of their company’s intellectual property. This case is a poignant reminder of the immense potential for Insider Risk to disrupt business operations, limit growth opportunities, and negatively impact the bottom line. Life Sciences companies that want to preserve customer confidence, protect valuable intellectual property and maintain their competitive edge, must address the growing issue of data loss from insiders.

Despite suffering fewer insider-driven events than other industries, data loss incidents are on the rise

Compared to other industries, there are fewer recorded insider incidents in the Life Sciences sector. Businesses in this sector suffer an average of 20 incidents per month, lower than other industries such as business and professional services (38 events per month) and energy, oil, and gas (28 events per month).

However, nearly 70% of Life Sciences respondents have seen an increase in data loss incidents caused by insiders over the past year, and they expect to see even more incidents in the coming 12 months.

Life sciences leaders are prioritizing IRM

CISOs of the Life Sciences industry comprehend the pressing nature of this issue, with nearly 4 out of 5 (78%) stating that they have a program dedicated to Insider Risk or threats.

The study also found:

  • About half (48%) of respondents say that the leadership team places enough attention on data loss from insiders.
  • Of the 22% of respondents that do not have a program dedicated to Insider Risk, 80% say that their company plans to implement a program in the next 12 months.
  • 69% of respondents expect their company’s budget for IRM to increase over the next year.

Data loss from insiders ranked as a top challenge

Survey respondents for the DER ranked insider-driven data loss as one of the most difficult types of threat to detect within their environment, almost equal to malware and ransomware.

In ranking the data security challenges they are most concerned about when protecting against data loss from insiders, Life Sciences respondents identified the following:

  1. Corporate espionage
  2. Visibility of data in cloud apps
  3. Password-related risks

Security awareness needs improvement despite frequent employee training

Although 60% of Life Science companies conduct data security training on a routine basis (weekly or monthly), most survey respondents (86%) feel that improvements are needed in data security training at their company.

Life Sciences leaders know the critical importance of protecting their sensitive information and are taking steps to protect it. While they may be experiencing relatively fewer data loss incidents compared to other industries, they still carry a significant level of risk – experiencing nearly one insider-driven data loss incident per day. Companies must implement a comprehensive and holistic solution to address the multifaceted challenge of Insider Risk and mitigate insider-driven data loss effectively.

Additional Resources

About Code42

Code42 is the leader in Insider Risk Management (IRM), offering end-to-end data loss detection and response solutions. Code42® Incydr™ data protection is native to the cloud and rapidly detects data exposure, loss, leak, and theft as well as speeds incident response – all without lengthy deployments, complex policy management, or blocking employee productivity. The Code42 Instructor™ microlearning solution and Code42’s full suite of expert services accelerate the effectiveness of Insider Risk programs.

With Code42, security professionals can protect corporate data and reduce Insider Risk while fostering an open and collaborative culture for employees. Designed to meet regulatory control requirements, Code42’s data protection solution is FEDRAMP authorized and can be configured for GDPR, HIPAA, PCI and other compliance frameworks. Innovative organizations, including the fastest-growing security companies, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity, NewView Capital and Split Rock Partners. Code42 has played a defining role in developing a vision and requirements for the IRM category and is a founding member of the annual Insider Risk Summit and Insider Risk Community.

The Company has several offices across the United States, and its clients include the most recognizable security, technology, manufacturing, and life sciences organizations, such as CrowdStrike, Okta, Lyft, Exabeam, BAYADA Home Health Care, Rakuten, Sumo Logic, MacDonald-Miller, MACOM, Ping Identity, Shape Technologies, and Snowflake.

© 2023 Code42 Software, Inc. All rights reserved. Code42, Incydr, and Instructor are trademarks or registered trademarks of Code42 Software, Inc. in the United States and other countries. All other marks are properties of their respective owners.


Offleash PR for Code42


Offleash PR for Code42