Introducing the First Virtual Conference for Product Security - Left to Our Own Devices: The Conference.
Introducing the First Virtual Conference for Product Security - Left to Our Own Devices: The Conference.

Cybersecurity vs. Time-to-market: Medical Device Pros Weigh In

Cybersecurity vs. Time-to-market: Medical Device Pros Weigh In

In a highly-regulated sector like medical device manufacturing, time-to-market needs to be carefully balanced with security and compliance. In addition to the aggressive timeframes development and product teams are tasked with to get new innovation to the market, medical device manufacturers (MDMs) are also responsible for the security of connected systems and processes that have a real-time effect on safety.

In our recent survey, The 2022 Medical Device Security Survey Report, we spoke to 150 global senior security and compliance decision-makers who are working in the medical device manufacturing (MDM) industry, and asked them to open up about the key challenge of cybersecurity vs time-to market in their organizations.

How Much Importance do Security Pros Place on Device Security?

Figure 7 Companies Attitude Towards Device Security

There’s no question that today’s device security and compliance managers understand the importance of continuous medical device security. 83% call device security a competitive advantage, and 79% recognize how device security will minimize business risk. 73% of respondents agree that device security is critical in order to protect their brand.

There is also a large majority that, aside from viewing device security as offering a competitive edge, recognize that it’s a necessary part of doing business in a highly regulated arena. 80% call device security a “necessary evil” imposed by the regulators, and 78% put compliance as their finish line – admitting that they do the minimum necessary in order to achieve the regulated compliance posture.

However, 79% of respondents are worried about security negatively impacting delivery timelines, and say that for them, getting products to market is a higher priority than device security.

The Challenges for Today’s Device Security Teams

The conundrum of security vs time-to-market is evident when we look at the challenges today’s MDM pros are describing. Top on their list of challenges is a growing set of tools and technologies. It appears that security and compliance pros are spending more time than ever managing the growing number of security tools, consolidating information, or trying to get a single view of their environment.

Considering the high number of tools, and the challenge of continuous management – second on their list of challenges with 43% – it’s no surprise that both visibility and tracking remediation of medical device security risks are also among MDM’s top concerns. Additional challenges that are a direct result of these issues are efficiency, and achieving frictionless security for development teams.

figure 1, top device security challenges 2022

Clearly, most of the top challenges on MDM security and compliance pros list have to do with issues that are slowing down the pace of development and release.

Cybersecurity: Business Enabler, or Barrier to Faster Time-to Market?

With these challenges front of mind, we can see that today’s senior product owners recognize they need to make organizational changes in order to be able to speed up the pace of development for accelerated time-to-market – without negatively impacting security.

Figure 6 Drivers for increasing device security budget

43% of respondents admit that device security provides a competitive edge and is a business enabler. While security might still be seen by some as a process that slows down development and delivery, it is also widely recognized as essential for business. That means teams need to find a way to incorporate security without negatively impacting time to market.

Re-thinking Priorities for Secure and Fast Delivery

Security pros for MDMs are speaking loud and clear – cybersecurity needs to be a priority in today’s organizations, but they can’t afford to slow down development and delivery. According to the data, there are many key priorities that show security teams recognize the importance of security that facilitates time-to-market, rather than acts as a hurdle.

Figure 3 Priorities for Product Security Roadmap, 2022

Two items share the #1 spot in terms of security priorities: establishing an overarching device security governance practice, and integrating security earlier in the development pipeline.

Both of these steps will help ensure all teams are working together on a continuous cybersecurity process throughout the entire device lifecycle, and allow security, compliance, and development teams to achieve secure and compliant processes without impeding the pace of development and delivery teams.

Integrating automation into these important steps is key. An overarching device security platform that detects and addresses vulnerabilities and risks from the earliest stages of development, will help teams achieve both cybersecurity and speed. Continuous automation throughout the device lifecycle, from design through to post-production will free development and security teams from having to compromise on security, or speed.

Interested in seeing the full picture? Download the 2022 State of Medical Device Security Survey Report here