Up and down the development pipeline, there are vulnerabilities. From shareholder expectations and IP protection to clinical trial risk and cyberattacks, it’s a minefield and enlisting a risk management partner is vital.
Small venture-backed biotechs risk everything on an idea, and every year, medium-to-large biopharma companies falter because of risks that were preventable. So it is imperative that companies of all sizes be proactive in working to prevent, mitigate and rebound from the myriad risks inherent in drug development.
Up and down the development pipeline, there are vulnerabilities. From shareholder expectations and intellectual property (IP) protection to clinical trial risk and cyberattacks, it’s a minefield and enlisting a risk management partner is vital.
Mitigating Cyber Risk
Cyber risk gets all the ink – and with good reason. Recently, fears arose about bad actors trying to gain access to critical data related to investigational COVID-19 vaccines. In November 2020, AstraZeneca was one of six pharmaceutical companies targeted by hackers thought to be from Pyongyang, North Korea.
Using a method known as social engineering, the hackers posed as recruiters on LinkedIn and WhatsApp, bearing false job offers. According to a source familiar with the matter, the documents were designed to gain access to the computers of those working on, among other things, COVID-19 research. Also reportedly on the hackers’ hit list were Johnson & Johnson and Novavax.
It is important to note that the hackers probably weren’t looking to steal the data in order to create their own vaccines or therapeutics. It is more likely that the draw was its vital importance to the companies racing to secure the first vaccine approval.
“With the majority of claims emanating from targeted ransomware these days, cybercriminals will target whichever data they’re most likely to receive a large ransom for, whether that’s information on individuals or sensitive corporate information. The question to ask yourself is, what would be inconvenient for you to lose, and how much would you be willing to pay to get that information back?” said Tom Gerard, Life Sciences Underwriter at CFC Underwriting, Ltd., a specialist insurance provider.
But there is no need for a company to just sit around and wait to be victimized. An ounce of prevention is well worth investing in a robust insurance policy.
“You want to make sure that you have certain coverages in place, because a cyber policy is going to include things like forensics to help you determine where a potential cyber breach can occur,” said Rachel Jenkins, Customer Success Manager at Founder Shield, a leading risk management partner for venture-backed high growth companies.
Founder Shield provides clients with cyber risk assessments to determine the potential impact of a cyberattack and identify systems that make them most vulnerable.
Biopharma companies also need to be aware of the risks they take on when contracting with another organization.
“When you’re contracting with supply chain partners, you might have access to their systems, and they might have access to your systems. So that in itself is creating a burden of vulnerability for a cyberattack. It doesn’t have to necessarily come directly from your system, from your lab,” Jenkins said.
Early Exposure
You don’t need to be a high-profile player like AstraZeneca or Johnson & Johnson, however, to face serious threats.
Young biotech companies are immediately met with the sky-high expectations of shareholders solely responsible for their existence. This can include venture capital firms, individual investors, and larger companies backing their mission.
“A claim could come from any stakeholder, but in that pre-revenue stage, it’s most likely that it’s going to come from an investor who put down a big check and has high expectations. And if you’re launching with a partnership, you’d better be sure that you have some breach of contract protection.”
These expectations include that the company stick to a certain timeline, and claims could emerge from unintentional miscommunication of what deliverables to expect and when. This is why Founder Shield advises its clients to invest in Directors and Officers (D&O) insurance from the very beginning.
Hilltop Bio, a small biotech providing regenerative veterinary therapies, has been a client of Founder Shield since July 2019.
“I would recommend getting some basic insurance prior to funding to protect your early R&D. It is also worth checking in with your advisors/mentors to see what insurance they recommend and what steps they would take to protect the company/product besides insurance,” said Hilltop president and CEO, Amanda Drobnis. “It is something that is not always talked about but should be addressed early on.”
Drobnis selected Founder Shield for its comprehensive coverage options.
“When Hilltop Bio got close to closing the first round of funding, it was brought to my attention that we would need several different types of insurance,” she said. “Founder Shield was easy to work with, provided a competitive quote, and was able to bundle the different types of insurance into one making it very easy for us.”
Procuring Patent Protection
The next threat on the ladder to commercialization is intellectual property risk. This especially comes into focus when signing the first third-party contract.
“Pre-revenue drug discovery companies might feel they have no exposure to patent infringement claims because there is no product in the market. But when R&D companies and academic institutions license valuable patented technology to one another, there is a lot at stake should a contract dispute occur,” Gerard said.
Founder Shield also advises clients to secure property insurance at the earliest possible stage.
“You’re not making any revenue, so your revenue generators are your property,” Jenkins said. “Then, as you go into development and you start working with supply chain partners doing preclinical testing and manufacturing, now your property is moving.”
This threat was brought into stark realization in March by J&J and Emergent BioSolutions, when the latter botched production of an ingredient in J&J’s COVID-19 vaccine. The error, which resulted in approximately 15 million ruined doses of the vaccine, occurred at Emergent’s Baltimore, Maryland plant, which is part of J&J’s manufacturing network.
The error was more of a nightmare for Emergent, whose executives were called before a congressional committee as a result – but what if this had happened to a smaller company?
“With any new product, the liability comes when you start making and storing the product. Losing already produced product is one of Hilltop Bio’s biggest liabilities. We have insurance, we have temperature monitors, and a backup generator, all to protect the product that is already finished,” Drobnis said.
Caution in Clinical Trials
Vulnerabilities arising from the actions of a third party are equally important when initiating a clinical trial. This is the point where a company would be wise to know the extent to which contract research organizations [CROs] and contract manufacturing organizations [CMOs] are protected.
“Outside the inherent risk of bodily injury to patients due to unforeseen side effects, the biotech needs to address the operational risk of running trials,” Gerard said. “Although the biotech will not be able to take out insurance for the mistakes of their service providers, they can and should seek indemnification, requesting Additional Insured status on the insurance policies of the CROs, CMOs, and any other consultants engaged. Strong contractual protection is also key.”
Clinical trials open a biopharma company up to all kinds of liability, and personal injury lawsuits are among the most costly. Companies need to take preventative measures to protect themselves from incrimination, and this extends to contractual language.
“Depending on the nature of the trial and the subject group, an adverse event undisclosed in the consent form may be very costly - given the often-limited funding of biotechs, uninsured injury claims and expenses could be the difference between business continuity and failure,” stated Gerard.
While patient lawsuits may be more publicized, Jenkins advises companies to also protect against claims brought by employees with Workers’ Compensation coverage.
“Your employees are the ones who are managing the testing. If they get injured on the job or accidentally exposed to something, that’s liability to the company. If you’re not maintaining the proper protocols and procedures, and your employees are now getting exposed to things that they should have never been exposed to, the company is liable for that,” she said.
Protecting the Intangibles
According to Jenkins, most biopharma companies appreciate and buy into the need for cyber and property insurance, but more awareness is necessary around the more complex risks.
“When companies start accruing a large amount of property, that’s when they start to get mostly concerned. When it comes to the D&O insurance, that’s something that I think you have to be educated on,” she said.
Gerard offered similar advice.
“With the majority of pre-revenue companies, the largest assets you have control over are intangible ones – whilst you might not have a warehouse with millions of dollars of stock or machinery in, what you do have is often years’ worth of data that you’re hoping will be worth more in the future,” he said. “For most businesses, losing a few years’ worth of proprietary data would be catastrophic, but when the future value of your business is predominantly based on the value of that data, you have a genuine risk to the viability of your business.”
If you want to learn more about how to identify the major risks for biotech companies, and how to implement strategies to mitigate against them, check out Founder Shield’s Biotech Risk Management guide.