Oct 19, 2023
Cybersecurity Awareness Month: Building on our strong cybersecurity culture

Denise Russell Fleming, Chief Information Officer and Executive Vice President of Technology & Global Services for BD

As disciplines, cybersecurity and information technology (IT) are built on the same pillars: people, process and technology. Like a three-legged-stool, all three must be present and supported in equal measure for the foundation to be solid. As a company, focusing on these three elements has helped us strengthen our cybersecurity methodology and embed strong cybersecurity principles and practices throughout the organization. Here are some of the ways we have made cybersecurity a core part of our culture at BD:

Prioritize cybersecurity hygiene skills

Human involvement is a factor in nearly three-quarters of all breaches, whether through errors, misuse, stolen credentials or social engineering.1 The technologies we use at BD block more than 50 million phishing attacks each month, but we can never rely on technology alone. We must also continuously reinforce strong cybersecurity hygiene skills in our workforce of 77,000 associates.

Every month, we send simulated phishing emails to all associates with a BD email address and assigned computing device to reinforce the importance of recognizing and reporting suspicious emails. This year, we are also leveraging Cybersecurity Awareness Month to amplify the relationship between cybersecurity and patient safety and reinforce the need for constant vigilance—because cybersecurity is everyone’s responsibility.

Continually improve cybersecurity processes

Process excellence is a critical part of delivering value. It is also essential for managing cybersecurity risk at scale. From security engineering and architecture to security governance and operations, identifying opportunities to streamline and improve our processes increases the organization’s cybersecurity defenses and resilience.

One example is managing third-party risk management. Ninety-eight percent of organizations worldwide work with at least one third-party vendor that has been breached in the last two years.2 To protect BD, our customers and patients, we systematically assess the cybersecurity posture of our suppliers and make transparency and information security part of our expectations for BD suppliers. We also receive detailed software bill of materials (SBOMs) from our third-party software component providers, which helps us efficiently determine which BD systems and products are potentially impacted by newly discovered vulnerabilities. This allows us to respond quickly and take a strategic approach to prioritizing risk management.

Assess the risk equation when evaluating emerging technologies

As a technology leader, I am passionate about enabling digital transformation to help the business achieve strategic goals. Cybersecurity risk is always a factor that must be considered when assessing the potential of emerging technologies, from generative artificial intelligence (GenAI) to ubiquitous connectivity. At BD, we assess cybersecurity risk from the outset when considering new technologies to understand the potential impact on the risk equation. Viewing risk management through this lens helps us maintain cybersecurity while we champion strategic initiatives and deliver results with speed and agility.

Cybersecurity helps protect the resilience of healthcare. At BD, cybersecurity is central to our culture, during Cybersecurity Awareness Month and throughout the year. Protecting BD products, manufacturing systems and enterprise IT is an extension of our commitment to doing what is right as we serve our Purpose of Advancing the World of Health™.

To learn more about cybersecurity at BD, visit the BD Cybersecurity Trust Center.

1 DBIR: 2023 Data Breach Investigations Report. Verizon. https://www.verizon.com/business/resources/reports/dbir/. Published June 6, 2023. Accessed September 28, 2023.
2 Close Encounters of the Third- (and Fourth-) Party Kind: The Blog. SecurityScorecard. https://securityscorecard.com/blog/close-encounters-of-the-third-and-fourth-party-kind-blog/. Published February 1, 2023. Accessed September 28, 2023.


Subscribe to receive BD blog alerts

* Required Fields