In the wake of the pandemic, how can the United States and other countries fight their way back to good public health and an economic recovery? Short answer: Develop enough doses of vaccines to be distributed and administered to millions of people without a hitch.
That’s the ideal, but the SARS-CoV-2 vaccine supply chain is rife with logistical complexities. What’s more, the enormously valuable intellectual property and data on the vaccines, components and therapeutics are relatively easy for threat actors to take. In fact, nation-states are already attempting to steal vaccine formulae and disrupt operations.
You are a potential target if you’re in the business of researching, developing, conducting trials, manufacturing or distributing the vaccine against the SARS-CoV-2, the virus that causes the disease COVID-19. If you’re a player in the highly intertwined network of big pharma, biotech, contract development and manufacturing organizations (CDMOs), and health and clinical research institutions, you can take a number of steps to help prepare for potential attacks.
Your CEO and board are right to ask: Are we taking effective measures to protect against cyber and foreign-actor risks?
Nation-state actors are patient, persistent, well funded and sophisticated. They can destabilize the SARS-CoV-2 vaccine development and supply chain using a variety of techniques.
Takeaways for executive leadership: Work closely with your security chief, CIO, CCO and COO to identify the sites, systems, personnel and processes involved in the vaccine development and manufacturing. Assess the risks and review your risk mitigation plan against the threat of nation-state actors. Enhance real-time threat intelligence capabilities throughout your supply chain. On foreign influence, work with internal audit/compliance and the general counsel to help close the gaps in your compliance program and reiterate your anti-bribery and anti-corruption policies.
Takeaway for the board: Understand the risks to the organization arising from these threats. Ask for regular communications from management on risks, defenses and response plans.
Many affected organizations are easy targets. What’s their Achilles’ heel? In our experience, weak controls are the source of significant risk. For many health research organizations, the extent of potential foreign influence through their international connections is a blind spot. In addition, manufacturing sites often operate outdated, unpatched or insecurely deployed systems. Flat and open networks, lack of privilege access management, lack of removable media control and vendor connectivity further contribute to insufficient resiliency.
Your ability to defend against nation-state attacks rests on the strength of your cybersecurity and anti-fraud and anti-corruption compliance programs, which may be daunting to shore up all at once. But you can start by focusing on these:
Takeaways for executive leadership: Prioritize the three defenses above, keeping in mind that the attackers may be insiders. Set up real-time dashboards to monitor for unusual activity among researchers and employees, suppliers, business partners and stakeholders. Periodically report to the board on indicators of effective defense against intrusions and threats.
Any organization involved with vaccine research, trials, manufacturing, and distribution should have a crisis response and remediation plan. A good response plan includes these four elements.
Takeaways for executive leadership: Think of the response plan within your resilience framework, and assess your resilience maturity. Make your plan transparent to executives, the board and business partners alike in order to engender trust. Engage the COO, CMO, CISO and CIO in developing and executing these strategies. Get the CFO’s buy-in for any spending or investment needed to mitigate the financial impacts of nation-state intrusions.
The stakes are high. Pharmaceutical and biotech companies are racing to capture the financial and reputational advantage of being first-to-market. Manufacturers are expecting the biggest contract manufacturing sales in recent history. To-date, in addition to $11 billion in grants, there may be ten times as much in investors’ money riding on the outcomes. Stock prices for some competing companies are trading around record highs.
The pharmaceutical industry garnered a record high of 73% of interviewees globally who said they trust the industry, according to the Edelman Trust Barometer spring update. But some nation-states are likely attempting to steal IP, bring about disorder and create a level of mistrust. Pharmaceutical companies — the face of the world’s way out of the pandemic — need to lead the entire vaccine ecosystem to make sure the spring 2020 boost isn’t just a trust bubble.
Principal, Information Technology, PwC US
Principal, Information Technology, PwC US
Cyber, Risk and Regulatory Marketing Lead Partner, PwC US