In recent years, the pharmaceutical industry has become one of the main targets for costly cyberattacks. According to IBM’s 2024 report, the average cost of a data breach reached a staggering $4.88 million. While this marks a slight decline from 2021, when the average was $5.04 million, the financial impact remains among the highest across all industries (just after healthcare and financial services).
Phishing continues to be a leading threat: it was the most common attack vector in 2023 and ranked as the second most expensive, costing companies an average of $4.76 million. The massive cost of breaches highlights the need for robust cybersecurity in the pharmaceutical sector, especially as Industry 4.0 connectivity increases risks.
Evolving regulations are playing a pivotal role in shaping how cybersecurity is implemented across the pharmaceutical industry.
Regulation (EU) 2023/1230 outlines specific cybersecurity requirements for control systems. According to Annex III, Section 1.1.9, these systems must be protected against corruption, while Section 1.2.1 emphasizes the need for their reliability under stress or malicious interference. Control systems must be able to secure connections and protect hardware and crucial data from unauthorized manipulation. They must be equipped with mechanisms that can log interventions and detect anomalies while also withstanding malicious attempts. By designing control systems with resilience at their core, companies ensure high levels of safety, reliability and operational security in pharmaceutical manufacturing.
References:
Regulation (EU) 2023/1230: Official Journal of the European Union
Regulation (EU) 2019/881: EU Cybersecurity Act
To guarantee the security of an evolving, digitalized pharmaceutical industry, companies must invest in cybersecurity, no longer just for compliance, but out of actual necessity. Focusing on innovative solutions and advanced features is key to protecting clients’ operations and reputation.