Cybersecurity: Indispensable for the digital future of the pharmaceutical industry

Increasing digitization and risks

Since the COVID-19 pandemic, the pressure on the sector has increased enormously. Drug development needs to speed up, processes are becoming increasingly automated and data exchange between systems is expanding. All this increases the attack surface for cybercriminals. At the same time, pharmaceutical companies are particularly vulnerable due to their valuable intellectual property and sensitive patient data.  

The sector faces unique challenges:

• Production losses are extremely costly
• Strict compliance requirements such as GMP, GxP and NIS2 make security complex
• Many legacy OT systems are not designed for modern cyber threats
• Intellectual property and patient data are highly sensitive

This makes the sector an attractive target for cybercrime. 

IT/OT convergence and the importance of modernization

The integration of IT and OT systems offers many advantages, such as improved data analysis and more efficient processes. However, traditional IT security often does not work in OT environments where process availability and safety take priority. An innocent connection between production and the office can make the entire system vulnerable. Real-time monitoring of network traffic is therefore essential to immediately identify deviations without disrupting production.

A good example of the need for modernization is Organon in Oss. In 2017, even before it became independent, the company was hit by a cyber incident. That was the moment to change course. Together with ICT Group, an intensive process was started to redesign the entire IT and OT environment. First, a thorough inventory was made and an action plan was drawn up, after which ICT Group took on the implementation. This meant that all parts of the organization were examined and modernized where necessary. Today, security is a standard component of every project, and Life Cycle Management has been fully integrated into daily practice. Organon now carries out regular upgrades and replacements, with ICT Group providing the necessary expertise and implementation. This approach has enabled Organon to transform from a reactive to a proactive organization: installations are now replaced before they fail, and the production environment is much more resistant to external influences. According to Roel van de Camp, Site Lead Life Cycle Management at Organon, this step was essential: ‘Modernization is simply a must. Without it, you get more and more malfunctions, and no one can afford downtime in our production environment. We could never have done this on our own as an organization. For us, this partnership with ICT Group is indispensable.’

Towards an integrated approach

Effective cybersecurity requires an integrated approach from day one. Security measures must be directly linked to compliance requirements such as audit trails, electronic signatures and time synchronization. Governance and responsibilities for access management, vulnerability scans and incident response must be clearly defined. A practical cybersecurity framework for pharma consists of segmented OT environments in accordance with IEC 62443, real-time monitoring of critical systems with specialized OT security tools, secure integration of legacy systems via protocol bridges, NIS2 compliance for organizations that fall under critical infrastructure, and layered defense with network segmentation, endpoint protection, and access management.

Conclusion

Investing in cybersecurity is not an expense but a strategic choice. Companies with a robust cybersecurity strategy can digitize faster, meet compliance requirements more easy and minimize production risks. Cybersecurity in pharma is not just about preventing incidents but about creating a secure foundation for innovation and growth.

Would you like to discover how ICT Group can help your pharmaceutical organization set up robust cybersecurity? Please contact Michel van Heumen or Edward van Katwijk for an exploratory meeting.