See Big pharma Prats ES (1 PUSS hem Utes ELMO ele Lee ; but few, strangely, make a systematic — effort to protect their ow DE a eee uePHARMACEUTICAL EXECUTIVE 43 ECURITY AT WORK IS TIGHT. NO ONE waltzes through the lobby without ID. Passwords and entry codes are required within. Firewalls ring the computer network. Transmissions are routinely encrypted. The grounds are guarded, the perimeter fenced. Surveillance cameras. abound. The company’s prized knowledge assets are beyond the reach of renegades and rivals, right? Wrong. A simple phone call to an unsus- pecting employee can yield information that a professional intelligence operative can join with other seemingly innocuous fragments to figure out your company’s next move. Don’t doubt that competitors are trying to ferret out your plans. Over the last decade, nearly every top-tier pharma has created a competitive intelligence (CI) function to legally and ethically acquire strategically sig- nificant external market information. In fact, according to John McGonagle, managing partner of Cl experts The Helicon Group, “CI is probably more widespread in pharma than in other industries.” So, what have pharma companies done to protect themselves from snoops? Practically nothing. “Fewer than five firms even think about throwing roadblocks in front of their competitors,” says Neil Mahoney, president and principal of pharma CI specialists Global Business Management Concepts. For pharma companies to gain an edge, gather- ing intelligence is not enough. They must play defense too. As William DeGenaro, co-founder of The Centre for Operational Business Intelligence, likes to say, “You don’t have to make it easy, you don’t have to make it fast, and you certainly don’t have to make it cheap for the other guy to find out what you're doing.” This article outlines what pharma compa- nies can do to better shield their secrets from competitors.>>44 puaawnceuTical executive Defensive Lapses What does insufficient defensive or counterintelligence cost pharma? “Nobody really knows,” says John Verna, executive managing director and principal at Citigate Global Intelligence & Security. But the American Society for Industrial Security reported that during a 12-month period in 2000-2001, US companies suffered losses of proprietary information and intellectual property worth between $53 billion and $59 bile lion. Some of it was pilfered. But much was published on cor- porate websites, overheard in an exhibie hal or hotel bar, or slimpsed over someone's shoulder on a laptop. Some simply walked out the door. How do these modest lapses add up to billions of dollars lost? Say company A learns the timing and content of competi- tor B’s new product launch by talking to physicians and moni- toring it clinical programs. Company A runs Phase IV trials ‘on its own product. When Company B's competitive product hits the market, Company A is ready to undercut its competi- tor’s claims with a countermessage. According t0 Mahoney, “This hurts you by diminishing your inital foothold and low- «ring your acceleration curve. It's not just an initial six-month sales hit, i'a 10-year hit.” And that can amount to many mil- lions of dollars in lost revenue. How often does this kind of thing happen? More than you ‘might suspect. Verna’s firm once had a pharma client that was JULY 2004 wwnghamexae com civil law to protect intellectual property—will not prevent valuable information from leaking out. For one thing, according to Mark Robinson, president of CI consultants Competitive Strategies, security people “aren't trained in information protection.” What's more, security off- cers know litle or nothing about their companies’ strategy, says Douglas Bernharat, veteran Cl professional and managing director of Geneva-based iMentor Management Consulting, s0 “they don’t know what they're supposed to be protecting apart from the furniture.” But the real problem, according to Bernhardt, is that “the area of greatest vulnerability, the real danger” lies elsewhere, ‘As Cl consultant Leonard Fuld says, “More damage is done by a company being lax about how it handles information than by thieves.” The reason? “The most value-added information ‘one collets is from human sources,” Bernhardt notes. itr Miele Although corporations are occasional targets of both eco- nomic and industrial espionage, their Achilles’ heel is inadver- tent disclosure. To be cleas, Cl, if practiced in accord with the code of ethics ‘of the Society of Competitive Intelligence Professionals (SCIP), is principled and legal. I is surprising, though, what the law More damage is done by a company being lax about how it handles information than by thieves. The reason? The most value-added information one collects is from human sources. convinced its competitors “ignored it most of the time.” So Citigate, a business intelligence, business controls, and security consultancy, launched an investigation. It turned out that three of five competitors “didn’t have much in the way of research capability—odd, considering the industry,” Verna says. But they did have extremely active Cl functions, including person- nel “who did nothing but track our client: ts marketing, public relations, manufacturing, customer buying trends, pricing— the whole nine yards—but especially research and science.” As for the competitors’ research capabilities, Vera says they “had a tiny ‘R’ and a nice big ‘D’ because Cl gave them a good sense of the most fruitful avenues for product development.” What was the client’ response? “Those people spend a quarter to half million dollars just on staff resources alone just to keep an eye on us? We ought to do more to protect what we have.” ‘The question is: How? Penmaes ns CI professionals characterize corporate security as “gates, guards, guns, and dogs.” They grant them full credit, ‘McGonagle says, for “stopping the guys with the black hats, the burglars, hackers, and folks who want to firebomb your research center because you do animal testing.” But corporate and computer security—and the legal department, which uses allows. For instance, it is not a erime to misrepresent yourself, says attorney R, Mark Halligan of Welsh & Katz, Use of a pre~ text—"T'ma.,.student, pollster, headhunter, market researcher, potential investor, journalist, customer, member of a user group”—violates no law. It is, however, 2 crime to falsely declare yourself tobe someone in particular. Here’s an example of how Cl works. Bernhardt ran a busi- ness out of Geneva that had some Big Pharma clients: “We had people collect information from human sources all day. We planned every project carefully, identified who the targets ‘were, what we wanted from them. We had a methodology and people who were very good. So any targe that talked to us was a sitting duck. We never lied. We never misrepresented our- selves. We never used false names. And we always told them who we were. But people like to talk about what they do, sei entistsand doctors in particular. It has nothing to do with their capability, intellect, or anything else. All the information we collected was from loyal employees who had no idea what they were giving us.” How do Cl professionals get “85 percent of Americans to ‘cooperate and reveal information valuable to your firm,” as CI ‘guru John Nolan claims? They use elicitation techniques to sub- tly guide the conversation. Nolan’s catalog of methods, by no means complete, includes: “provocative statements, disbelief, feigned naivete, criticism, encouraging snivelers and whiners to