Anapaya blog

The real cost of cybercrime for Life Sciences

Olivier Moll
Posted by Olivier Moll on 19 November, 2020
Cost of cybercrime

Reputational damage and the loss of consumer trust have longer-lasting consequences than fines

Life science organisations are built upon a carefully nurtured reputation that inspires confidence in consumers to use their products and services. However, cybercrime can cause irreparable damage to a life science organisation’s reputation and has long-lasting consequences.

Why reputation matters

Reputation for a life science organisation is intrinsically linked to its valuation, especially under the lens of mergers and acquisitions. If an organisation and the way it runs is secure, trusted and reliable, that organisation’s value will naturally rise.

However, when an organisation is the victim of a cyberattack, confidence in the brand, business and those who operate it falls dramatically. This can have adverse effects on the company’s ability to sell products, service customers and secure investments.

These effects are often far-reaching and do not appear to be evident at first consideration. Let’s take a look at a few of the potential consequences reputational damage can cause to a life science organisation.

Loss of company value

A recent survey from Intralinks concluded that cyberattacks could reduce company valuations between 5% and 20%, and that share prices could fall by 5% for each successful attack. Conversely, a 2016 survey found that if a company could demonstrate its ability to protect critical information from cyber attacks, its perceived value would rise.

Loss of brand image

Many regulations, such as the GDPR, require that organisations report data-breaches within 72 hours of the breach. This does not allow much time for an organisation to conduct damage control and brace for the public backlash.

More often than not, patient data hacks are likely to become front-page news and cause unquantifiable damage to a brand that consumers will remember. This loss of reputation is detrimental to any company - according to a Deloitte global survey on reputation risk, approximately 25% of a company’s value is based on its reputation.

Threats to merger and acquisition deals

A Deloitte survey indicated that almost a quarter of respondents expected M&A deals to fail following a successful cyber attack. This follows from the consensus that the value of a new acquisition or merger is primarily rooted in the intellectual property they possess. Compromised security indicates that the company is unable to protect their IP, and thus most of their value.

Negative impact on customer relationships

Loss of reputation could also result in waning customer relationships, who no longer feel confident in the organisation’s ability to protect and use their data responsibly. Merck’s cyberattack had an unfavourable effect on sales in 2017 of approximately $260 million attributed to the loss of customer confidence.

Increased insurance premiums

Insurance premiums escalate based on the history of an organisation and the history of that organisation’s security measures. However, it’s important to note that insurance is not a complete fail-safe solution. For Merck’s cyberattack, the insurance could only cover 17.3% of the damage, approximately $45 million.

The source of insecurity

The source of most cyberattacks tends to be Border Gateway Protocol hijacking.

BGP hijacking (also known as routing attacks) reveals the intrinsic weakness of the internet, as it operates today. Attackers accomplish BGP hijacking by falsely announcing ownership of groups of IP addresses. These addresses promise a shorter, more direct route to the destination your data wishes to travel. It is usually in this location where the theft of data occurs.

What makes BGP hijacking so effective is that there is very little that organisations can do about it when using the internet. This is because BGP, the protocol the internet uses for every user, is built on the assumption that interconnected networks always tell the truth about which IP addresses they own.

Secure at the source

If the Life Science industry wishes to instil peace of mind for their stakeholders and protect their reputation, they must counter BGP hijacking at its source. To do this, organisations must take back control of their data and how it travels.

Anapaya’s Next-Generation Internet allows life science organisations to select which networks their medical data passes through, where their data travels and how it gets there. This makes the transmission of medical data secure and entirely immune to BGP hijacking, ultimately protecting reputation and information.

BGP hijacking is a serious threat to life science organisations, but it doesn’t have to be. With Anapaya’s Next-Generation Internet, you can offer the security and confidence your stakeholders desire, while protecting your brand and reputation. Contact us today and discover how the next-generation of the internet is the best investment for your company and brand image.