Data security a priority for pharma firms: Deloitte India–DSCI report

Ransomware attacks and IP and data theft were the top cybersecurity concerns for the sector. The pandemic and a rising number of targeted attacks have prompted certain pharma companies to double their cybersecurity investments

Mumbai: With the increased focus on digital transformation, pharma companies in India are prioritizing data security, finds a Deloitte Touche Tohmatsu India LLP (Deloitte India) and Data Security Council of India (DSCI) report, “Indian pharma takes digital leap – what does it mean for cybersecurity?”
The report further says ransomware attacks and IP and data theft were the top cybersecurity concerns for the sector, both in India and globally.
DSCI and Deloitte conducted more than 25 expert discussions between August 2021 and March 2022, where leading pharma companies and industry experts, both global and in India, shared their views on the pulse of the sector and the rising focus on cybersecurity.
Commenting on the report findings, Gaurav Shukla, Partner and Leader, Cyber, Deloitte India, said “With proper regulatory support, collaboration, and ecosystem development, the pharmaceutical sector is ready to become a “world pharmacy”. Now is the perfect time to harness the power of technology and digital transformation to drive this growth and enable Indian pharma to set a new paradigm in the global arena. To be able to scale this digital vision and create trust globally, the pharma sector must recognize cybersecurity as a key lever, working towards bolstering security around data, Operational Technologies (OT), and across the supply chain. This ability to utilize cybersecurity as a key enabler for business and digital transformation can help pharma organizations make the transition from a leader to a trusted leader.”
For leading pharma companies, cybersecurity investments have increased by a minimum of 25 to 30 percent between 2019 and 2021. The pandemic and the rising number of targeted attacks have prompted certain pharma companies to double their cybersecurity investments over the past 18 months.
As part of the cybersecurity strategy, along with data protection and resilience, identity and access management, OT security, offensive security capabilities, and better threat detection and response are some focus areas for pharma companies in India. Furthermore, 70 percent of the leading pharma companies highlighted their focus on a zero-trust approach with the need for a clear roadmap over the next two years, around network, data, and access.
Rama Vedashree, CEO, Data Security Council of India said, “The pandemic catapulted the Indian pharma sector from a drug manufacturer to one of the leading global pharma solution providers through novel drug R&D, high-end production, personalized health care, driven by digital transformation. The DSCI–Deloitte joint report underpins the rapid transformation and opportunities lying ahead of the pharma sector, and the way it affects their cybersecurity posture. While Production Linked Incentive (PLI) schemes and government support will encourage more niche manufacturers and research-led organizations, the focus on cybersecurity adoption and effectively managing cyber risks will enable business transformation and establish market leaders in this sector.”
For organizations who have made significant investments in the past two years, their future investments are likely to stabilize, mostly focused on better third-party management, enhanced monitoring, optimization through automation and outsourcing, and security around digital transformation and new-tech adoption.
The report lists down certain cybersecurity considerations for pharma companies. It includes better cyber preparedness, cyber due diligence in M&As, along with having cyber insurance. Apart from a zero-trust approach, adopting a security-by-design, resilient-by-design, and safety-by-design approach has also been recommended. Strengthening the supply chain and OT security, enhancing monitoring and awareness, and empowering CISO to effectively manage cyber risks across functions are also some considerations for pharma companies in India.