The Double-Edged Sword of GenAI in the Life Sciences Sector


It’s said that data is the lifeblood of the modern enterprise. While that’s certainly true, it’s also true that there is perhaps no industry as dependent on data – and protecting it – as the life sciences sector.

Of course, the very nature of data has evolved significantly over the past few years. What once consisted of straightforward records and research results has now expanded to include highly complex and distributed datasets generated by advanced technologies like genomics, AI-driven predictive models, and comprehensive and digitized patient histories. This data is not only critical for the day-to-day operations and strategic decisions of life sciences companies, but also holds immense potential for future breakthroughs in treatments and therapies. 

The stakes couldn’t be higher. According to a recent Deloitte report, large pharma companies spent a record US $161 billion last year on R&D – an increase of almost 50% since 2018. That investment fuels breakthroughs that deliver life-saving treatments to the market. However, as this data grows in scale and complexity, the law of diminishing returns starts to kick in, and the cost and effort to manage and analyze all of this data can quickly outpace the value derived from it.

This is why many business and IT leaders in the life sciences sector are excited about the potential of GenAI to transform how they manage and extract insights from these massive datasets to enhance their predictive modeling, streamline operations, and, most critically, accelerate drug discovery.

Yet concerns about how these nascent technologies might compromise data security and privacy have dampened this enthusiasm. Are researchers plugging proprietary data into public LLMs? How secure are these systems against breaches and misuse? What measures are in place to ensure compliance with stringent data privacy regulations, such as GDPR and HIPAA? Moreover, how do organizations balance rapid innovation with the risk of exposing sensitive patient data and proprietary research?

Anticipating the Unintended Consequences

As any experienced CISO will tell you, cutting-edge tech often has the sharpest security edges. The public cloud revolutionized data storage and access, but it also brought concerns about data breaches and loss of control over sensitive information. Similarly, the adoption of IoT devices has expanded endpoint connectivity, yet it has also introduced new attack vectors for threat actors.

Without the proper safeguards in place, GenAI tools could likewise become conduits for intellectual property (IP) theft or accidental exposure. This data represents years of work and billions in investment, and it’s hardly an exaggeration to say that losing it can derail a company’s future. This is why few industries have invested as much in preventing insider-driven data loss as the life sciences sector has over the past two decades.

So why are life sciences companies so eager to adopt GenAI despite these risks? One word: talent—or rather, the lack thereof. This shortage isn’t just a minor inconvenience—it’s impacting the effectiveness of cybersecurity efforts. 

Nevertheless, the introduction of GenAI requires a heightened focus on insider threat management to prevent these sophisticated tools from becoming vectors for data exfiltration.

3 Data Protection Principles

So, how can life sciences companies harness the power of GenAI while protecting their digital crown jewels? Consider the following three key principles as table stakes before going all in on GenAI:

  1. Broaden Your Risk Lens: Cybersecurity isn’t just about guarding against external threats. One in three data breaches involves a trusted insider who either intentionally steals data for personal gain or inadvertently exposes sensitive information through negligence or human error. While the potential of GenAI to transform operations is undeniable, it also amplifies these risk factors in new and often unpredictable ways. As these tools become more embedded in user workflows, security leaders will need to take a more expansive and holistic approach to protecting data.
  2. Prioritize People-Centric Security: The most effective security organizations understand that good security starts and ends with their people. Regular, targeted training can significantly enhance a company’s ability to handle insider-driven data incidents. 
  3. Invest in Purpose-Built Data Protection Solutions: Although we may not yet fully appreciate all of the ways in which this technology might expose sensitive data or be misused by insiders, it’s clear that relying on conventional security controls won’t be enough. Instead, advanced capabilities such as real-time monitoring, automated threat detection, and context-aware response mechanisms will be essential for safeguarding your sensitive data and IP.

The life sciences industry is all about pushing the innovation envelope, and there’s little doubt that technologies such as GenAI will be instrumental in accelerating breakthroughs and improving patient outcomes. However, to harness their full potential, we must first recognize and prepare for the possible data risks they could introduce.  


About Rob Juncker

As chief technology officer for Code42, now a part of Mimecast, Rob leads insider risk software development and delivery teams. He brings more than 20 years of security, cloud, mobile, and IT management experience to our team. Prior to Code42, Rob worked as vice president of research and development at Ivanti, where he led and shaped the company’s evolution from IT management technologies to security-focused solutions, with projects ranging from cloud-delivered analytics to hybrid cloud security.