Security at work is tight. No one waltzes through the lobby without ID. Passwords and entry codes are required within. Firewalls ring the computer network. Transmissions are routinely encrypted. The grounds are guarded, the perimeter fenced. Surveillance cameras abound. The company's prized knowledge assets are beyond the reach of renegades and rivals, right?
Wrong. A simple phone call to an unsuspecting employee can yield information that a professional intelligence operative can join with other seemingly innocuous fragments to figure out your company's next move.
Don't doubt that competitors are trying to ferret out your plans. Over the last decade, nearly every top-tier pharma has created a competitive intelligence (CI) function to legally and ethically acquire strategically significant external market information. In fact, according to John McGonagle, managing partner of CI experts The Helicon Group, "CI is probably more widespread in pharma than in other industries."So, what have pharma companies done to protect themselves from snoops? Practically nothing. "Fewer than five firms even think about throwing roadblocks in front of their competitors," says Neil Mahoney, president and principal of pharma CI specialists Global Business Management Concepts. For pharma companies to gain an edge, gathering intelligence is not enough. They must play defense too. As William DeGenaro, co-founder of The Centre for Operational Business Intelligence, likes to say, "You don't have to make it easy, you don't have to make it fast, and you certainly don't have to make it cheap for the other guy to find out what you're doing."
This article outlines what pharma companies can do to better shield their secrets from competitors.
Defensive Lapses What does insufficient defensive or counterintelligence cost pharma? "Nobody really knows," says John Verna, executive managing director and principal at Citigate Global Intelligence & Security. But the American Society for Industrial Security reported that during a 12-month period in 2000-2001, US companies suffered losses of proprietary information and intellectual property worth between $53 billion and $59 billion. Some of it was pilfered. But much was published on corporate websites, overheard in an exhibit hall or hotel bar, or glimpsed over someone's shoulder on a laptop. Some simply walked out the door.
How do these modest lapses add up to billions of dollars lost? Say company A learns the timing and content of competitor B's new product launch by talking to physicians and monitoring its clinical programs. Company A runs Phase IV trials on its own product. When Company B's competitive product hits the market, Company A is ready to undercut its competitor's claims with a countermessage. According to Mahoney, "This hurts you by diminishing your initial foothold and lowering your acceleration curve. It's not just an initial six-month sales hit, it's a 10-year hit." And that can amount to many millions of dollars in lost revenue.
How often does this kind of thing happen? More than you might suspect. Verna's firm once had a pharma client that was convinced its competitors "ignored it most of the time." So Citigate, a business intelligence, business controls, and security consultancy, launched an investigation. It turned out that three of five competitors "didn't have much in the way of research capability-odd, considering the industry," Verna says. But they did have extremely active CI functions, including personnel "who did nothing but track our client: its marketing, public relations, manufacturing, customer buying trends, pricing-the whole nine yards-but especially research and science." As for the competitors' research capabilities, Verna says they "had a tiny 'R' and a nice big 'D' because CI gave them a good sense of the most fruitful avenues for product development." What was the client's response? "Those people spend a quarter to half a million dollars just on staff resources alone just to keep an eye on us? We ought to do more to protect what we have."