See
Big pharma Prats ES (1
PUSS hem Utes
ELMO ele Lee ;
but few, strangely, make a systematic —
effort to protect their ow
DE a eee uePHARMACEUTICAL EXECUTIVE 43
ECURITY AT WORK IS TIGHT. NO ONE
waltzes through the lobby without
ID. Passwords and entry codes are
required within. Firewalls ring the
computer network. Transmissions
are routinely encrypted. The grounds are
guarded, the perimeter fenced. Surveillance
cameras. abound. The company’s prized
knowledge assets are beyond the reach of
renegades and rivals, right?
Wrong. A simple phone call to an unsus-
pecting employee can yield information that a
professional intelligence operative can join
with other seemingly innocuous fragments to
figure out your company’s next move.
Don’t doubt that competitors are trying to
ferret out your plans. Over the last decade,
nearly every top-tier pharma has created a
competitive intelligence (CI) function to
legally and ethically acquire strategically sig-
nificant external market information. In fact,
according to John McGonagle, managing
partner of Cl experts The Helicon Group, “CI
is probably more widespread in pharma than
in other industries.”
So, what have pharma companies done to
protect themselves from snoops? Practically
nothing. “Fewer than five firms even think
about throwing roadblocks in front of their
competitors,” says Neil Mahoney, president
and principal of pharma CI specialists
Global Business Management Concepts. For
pharma companies to gain an edge, gather-
ing intelligence is not enough. They must
play defense too. As William DeGenaro,
co-founder of The Centre for Operational
Business Intelligence, likes to say, “You don’t
have to make it easy, you don’t have to make
it fast, and you certainly don’t have to make
it cheap for the other guy to find out what
you're doing.”
This article outlines what pharma compa-
nies can do to better shield their secrets from
competitors.>>44 puaawnceuTical executive
Defensive Lapses
What does insufficient defensive or counterintelligence cost
pharma? “Nobody really knows,” says John Verna, executive
managing director and principal at Citigate Global Intelligence
& Security. But the American Society for Industrial Security
reported that during a 12-month period in 2000-2001, US
companies suffered losses of proprietary information and
intellectual property worth between $53 billion and $59 bile
lion. Some of it was pilfered. But much was published on cor-
porate websites, overheard in an exhibie hal or hotel bar, or
slimpsed over someone's shoulder on a laptop. Some simply
walked out the door.
How do these modest lapses add up to billions of dollars
lost? Say company A learns the timing and content of competi-
tor B’s new product launch by talking to physicians and moni-
toring it clinical programs. Company A runs Phase IV trials
‘on its own product. When Company B's competitive product
hits the market, Company A is ready to undercut its competi-
tor’s claims with a countermessage. According t0 Mahoney,
“This hurts you by diminishing your inital foothold and low-
«ring your acceleration curve. It's not just an initial six-month
sales hit, i'a 10-year hit.” And that can amount to many mil-
lions of dollars in lost revenue.
How often does this kind of thing happen? More than you
‘might suspect. Verna’s firm once had a pharma client that was
JULY 2004 wwnghamexae com
civil law to protect intellectual property—will not prevent
valuable information from leaking out.
For one thing, according to Mark Robinson, president of CI
consultants Competitive Strategies, security people “aren't
trained in information protection.” What's more, security off-
cers know litle or nothing about their companies’ strategy,
says Douglas Bernharat, veteran Cl professional and managing
director of Geneva-based iMentor Management Consulting,
s0 “they don’t know what they're supposed to be protecting
apart from the furniture.”
But the real problem, according to Bernhardt, is that “the
area of greatest vulnerability, the real danger” lies elsewhere,
‘As Cl consultant Leonard Fuld says, “More damage is done by
a company being lax about how it handles information than
by thieves.” The reason? “The most value-added information
‘one collets is from human sources,” Bernhardt notes.
itr Miele
Although corporations are occasional targets of both eco-
nomic and industrial espionage, their Achilles’ heel is inadver-
tent disclosure.
To be cleas, Cl, if practiced in accord with the code of ethics
‘of the Society of Competitive Intelligence Professionals (SCIP),
is principled and legal. I is surprising, though, what the law
More damage is done by a company being lax about how it handles
information than by thieves. The reason? The most value-added
information one collects is from human sources.
convinced its competitors “ignored it most of the time.” So
Citigate, a business intelligence, business controls, and security
consultancy, launched an investigation. It turned out that three
of five competitors “didn’t have much in the way of research
capability—odd, considering the industry,” Verna says. But
they did have extremely active Cl functions, including person-
nel “who did nothing but track our client: ts marketing, public
relations, manufacturing, customer buying trends, pricing—
the whole nine yards—but especially research and science.” As
for the competitors’ research capabilities, Vera says they “had
a tiny ‘R’ and a nice big ‘D’ because Cl gave them a good sense
of the most fruitful avenues for product development.” What
was the client’ response? “Those people spend a quarter to
half million dollars just on staff resources alone just to keep
an eye on us? We ought to do more to protect what we have.”
‘The question is: How?
Penmaes ns
CI professionals characterize corporate security as “gates,
guards, guns, and dogs.” They grant them full credit,
‘McGonagle says, for “stopping the guys with the black hats,
the burglars, hackers, and folks who want to firebomb your
research center because you do animal testing.” But corporate
and computer security—and the legal department, which uses
allows. For instance, it is not a erime to misrepresent yourself,
says attorney R, Mark Halligan of Welsh & Katz, Use of a pre~
text—"T'ma.,.student, pollster, headhunter, market researcher,
potential investor, journalist, customer, member of a user
group”—violates no law. It is, however, 2 crime to falsely
declare yourself tobe someone in particular.
Here’s an example of how Cl works. Bernhardt ran a busi-
ness out of Geneva that had some Big Pharma clients: “We had
people collect information from human sources all day. We
planned every project carefully, identified who the targets
‘were, what we wanted from them. We had a methodology and
people who were very good. So any targe that talked to us was
a sitting duck. We never lied. We never misrepresented our-
selves. We never used false names. And we always told them
who we were. But people like to talk about what they do, sei
entistsand doctors in particular. It has nothing to do with their
capability, intellect, or anything else. All the information we
collected was from loyal employees who had no idea what they
were giving us.”
How do Cl professionals get “85 percent of Americans to
‘cooperate and reveal information valuable to your firm,” as CI
‘guru John Nolan claims? They use elicitation techniques to sub-
tly guide the conversation. Nolan’s catalog of methods, by no
means complete, includes: “provocative statements, disbelief,
feigned naivete, criticism, encouraging snivelers and whiners to