A survey report on medical device cybersecurity was published by Cybellum, along with trends and predictions for 2022. It's worth noting that medical device cybersecurity has become a very challenging task.
With medical devices increasingly becoming software-driven machines and the rapid pace at which cybersecurity risk emerges as a result of new vulnerabilities, complex supply chains, new suppliers, and new product lines, keeping the entire product portfolio secure and compliant at all times appears to be impossible. Learning from peers and attempting to identify the best path forward is now more crucial than ever.
Security experts from hundreds of medical device manufacturers were asked what their biggest challenges are and how they plan to tackle them in 2022 and beyond in this poll.
The following are some of the intriguing findings from the survey about medical device manufacturers' security readiness:
- The top security difficulty for respondents is managing an expanding number of tools and technologies, which is partially explained by a lack of high-level ownership.
- Seventy-five percent of respondents said they don't have a dedicated senior manager in charge of device security.
- Almost 90% of respondents acknowledged that companies need to improve in critical areas including SBOM analysis and compliance readiness.
- In 2022, nearly half of companies increased their cybersecurity spending by more than 25%.
- A dedicated response team (PSIRT) is not in existence at more than 55% of medical device makers.
David Leichner, CMO at Cybellum said, “We embarked on this survey to gain a more comprehensive understanding of the main challenges facing product security teams at medical device manufacturers, as part of our effort to help to better secure the devices. Some of our findings were quite surprising and highlight serious gaps that exist both in processes for securing medical devices and in regulation compliance.”
