Data breaches in the pharma sector are costly, with the average cost of remediation topping $10 million in 2022, according to separate research from IBM.
A total of 70% of Rackspace survey respondents indicated that the level of concern for cybersecurity has surged in the C-suite over the past year.
Top cybersecurity-related worries include operational downtime (59%), loss of intellectual property and data (57%), damage to brand reputation (53%), revenue loss (50%) and legal consequences (42%).
Rackspace Technology and Microsoft enlisted Coleman Parkes Research to oversee the study, which was conducted in July and August 2023 and analyzed responses from 1,420 IT decision-makers. Participants spanned a variety of sectors, including manufacturing, digital native/technology, financial services, retail, government/public sector, and healthcare. It included respondents from the Americas, Europe, Asia, and the Middle East.
An industry increasingly under cyberattack
The pharma industry has faced a handful of high-profile attacks in recent years, including a 2014 cyber-espionage campaign known as Dragonfly/Energetic Bear. The attackers in that campaign used spear-phishing to collect data about companies that supply the sector and eventually to download specific industrial control system (ICS) components. The attackers then stole intellectual property, most likely for counterfeiting. Victims of the attack tended to be small players with fewer than 50 employees.
Attackers have also set their sights on larger players. For instance, a 2017 NotPetya attack on Merck resulted in a significant revenue loss. In 2020, AstraZeneca and Pfizer were also targeted in cyberattacks.
The sector, like other industries, has also grappled with an uptick in ransomware attacks, with attackers such as REvil/Sodinokibi and Egregor targeting pharma. The COVID-19 pandemic has resulted in an increase in attacks, with threat actors aiming to extract valuable information, research, and vaccine data stored within pharma systems.
Phishing attacks are also up in the sector, as are business application attacks.
The role of AI in cyber
In recent years, a growing number of cybersecurity vendors have positioned AI technologies as a core part of their offerings. The technology promises to help defenders anticipate and respond to increasingly sophisticated and prevalent cyber threats, given its ability to analyze vast amounts of data in real-time and predict potential threats.
The technology can also empower attackers. The recent Rackspace survey found that AI is a driver of pharma firms’ security posture and investment. Some 62% of participants reasoned that AI translated to a heightened need for cybersecurity while 82% of pharma companies reported having a formal policy on AI governance and security.
Employee awareness and understanding of AI governance and security policy was rated fair by 47%, compared to 31% who rated it great. These policies address data classification and security concerns in a variety of ways, such as by implementing stricter security measures on data storage and access (56%), minimizing exposure of sensitive data (54%), and setting data classification frameworks and guidelines (43%).
Budget increases for pharma cybersecurity
Given the increased focus on cybersecurity, the bulk of pharma companies, 66% according to the survey results, have bolstered their cybersecurity budget over the past year. Only 2% have reduced their cyber budget. Among those who have increased their budget, three-quarters boosted their cyber budgets by 4% to 20%. A total of 74% of pharmaceutical firms allocate between 9% and 20% of their entire IT budgets specifically to cybersecurity.
Despite increasing budgets, pharma companies aren’t uniformly relying on hiring to shore up their cyber defenses, possibly owing to a shortage of skilled professionals in the area. More than half, 54%, of pharma companies reported challenges related to cybersecurity staff being poached, while 48% said training and development programs did not meet employee needs and 44% said there was a high demand but low supply of cyber talent.
Consequently, many companies are leaning on technology to enhance cyberdefenses. Many pharma players are also working to address the skills gap by creating a better work environment (54%) and more opportunities for professional development (47%). A total of 45% are focused on building their brand to attract prospects.