Pharma cybersecurity: IBSA's commitment to ensure continuity for patients

In the age of digitization, everything concerning processes, procedures, documents, operations and the entire wealth of knowledge of companies is intertwined with the new technologies; the issue of information security has therefore become a critical issue for every organisation. According to the Allianz Risk Barometer 2023 – the 12th edition of the survey conducted by Allianz on the main risks perceived by companies globally – the main concern of the companies is represented by cyber risks, such as IT business interruptions, ransomware attacks and data breaches.

In this context, the pharmaceutical industry is no exception: with the creation of the so-called Pharma 4.0 sector and the dissemination of IoMT (Internet of Medical Things) devices, pharma cybersecurity has become a hot topic, and the protection of information relating to scientific data, research and development and patient personnel requires large investments in terms of infrastructure and digital technologies, as well as training.

DATA SECURITY AND PRODUCTION CONTINUITY

In the pharmaceutical sector, the consequences of a cybersecurity incident can be very serious, with effects ranging from the contamination of medicines to the infringement of intellectual property, from the interruption of production activities to the loss of scientific data and the violation of personal data of patients.

Protecting all this information and, in general, the entire system from cyber threats is not only a legal obligation and a reputation issue for IBSA, but it's first of all essential to preserve production continuity and ensure the availability of drugs and medical devices to patients.

The interruption of activities in a production plant – for example in the case of the so-called "machine downtime" – not only causes an enormous economic damage, but can also have potential repercussions on the quality of the drug and, consequently, on the distribution and availability of the products. According to official estimates, it has been assessed that a cyber attack, in the most serious cases, can cause damage to production of up to CHF 25 million. For IBSA, in particular, the IT security risks are many, since the company fully manages all phases of the product chain: from research and development, to exclusive production up to worldwide distribution.

For this reason, for some time now IBSA has been dedicating great attention to the IT security of its networks, so as to be able to deal with threats that could compromise production continuity, but not only: hence the monitoring and control with different levels of access and authorizations, the adoption of state-of-the-art software and the implementation of artificial intelligence processes to identify possible threats.

TRAINING PEOPLE FOR IT SECURITY

IBSA has put in place all the necessary measures to reduce IT risk, also through the training of its people. In fact, in the cyber field, the human element is often considered as the weak link, that can create "leaks" in a system that is already very articulated and complex in itself. Precisely for this reason, the Information Technology department has implemented a training programme with mini-tutorials, divided by levels of knowledge and final tests, which are regularly and constantly administered to all personnel, in order to raise awareness of IT security issues and thus reduce any potential risk of digital breaches. Furthermore, IBSA's investment in cyber security includes a programme planned and organized over several years with the aim of securing production, patents and the core of products.

To support the development of the company and to inspire trust in the organisation; to instill a culture of cyber security, to promote corporate welfare and patient safety: that's IBSA's commitment!