Data security a priority for pharma companies in India: Deloitte India–DSCI report

With the increased focus on digital transformation, pharma companies in India are prioritising data security, finds a Deloitte Touche Tohmatsu India LLP (Deloitte India) and Data Security Council of India (DSCI) report, “Indian pharma takes digital leap – what does it mean for cybersecurity?” The report further says ransomware attacks and IP and data theft were the top cybersecurity concerns for the sector, both in India and globally.

DSCI and Deloitte conducted more than 25 expert discussions between August 2021 and March 2022, where leading pharma companies and industry experts, both global and in India, shared their views on the pulse of the sector and the rising focus on cybersecurity.

Commenting on the report findings, Gaurav Shukla, Partner and Leader, Cyber, Deloitte India, said, “With proper regulatory support, collaboration and ecosystem development, the pharmaceutical sector is ready to become a “world pharmacy.” Now is the perfect time to harness the power of technology and digital transformation to drive this growth and enable Indian pharma to set a new paradigm in the global arena. To be able to scale this digital vision and create trust globally, the pharma sector must recognise cybersecurity as a key lever, working towards bolstering security around data, Operational Technologies (OT), and across the supply chain. This ability to utilise cybersecurity as a key enabler for business and digital transformation can help pharma organisations make the transition from a leader to a trusted leader.”

For leading pharma companies, cybersecurity investments have increased by a minimum of 25 to 30 per cent between 2019 and 2021. The pandemic and the rising number of targetted attacks have prompted certain pharma companies to double their cybersecurity investments over the past 18 months.

As part of the cybersecurity strategy, along with data protection and resilience, identity and access management, OT security, offensive security capabilities, and better threat detection and response are some focus areas for pharma companies in India. Furthermore, 70 per cent of the leading pharma companies highlighted their focus on a zero-trust approach with the need for a clear roadmap over the next two years, around network, data and access.

Rama Vedashree, CEO, Data Security Council of India, said, “The pandemic catapulted the Indian pharma sector from a drug manufacturer to one of the leading global pharma solution providers through novel drug R&D, high-end production, personalised healthcare, driven by digital transformation. The DSCI–Deloitte joint report underpins the rapid transformation and opportunities lying ahead of the pharma sector, and the way it affects their cybersecurity posture. While Production Linked Incentive (PLI) schemes and government support will encourage more niche manufacturers and research-led organisations, the focus on cybersecurity adoption and effectively managing cyber risks will enable business transformation and establish market leaders in this sector.”

For organisations who have made significant investments in the past two years, their future investments are likely to stabilise, mostly focussed on better third-party management, enhanced monitoring, optimisation through automation and outsourcing, and security around digital transformation and new-tech adoption.

The report lists down certain cybersecurity considerations for pharma companies. It includes better cyber preparedness, cyber due diligence in M&As, along with having cyber insurance. Apart from a zero-trust approach, adopting a security-by-design, resilient-by-design and safety-by-design approach has also been recommended. Strengthening the supply chain and OT security, enhancing monitoring and awareness and empowering CISO to effectively manage cyber risks across functions are also some considerations for pharma companies in India.