 "Pharma industry body mulling policy framework to guide cos on cybercrime")
There is a need for pharmaceutical companies to have a policy framework within the Indian Pharmaceutical Alliance (IPA) along with cybersecurity awareness to guide the pharma companies against possible cyber-attacks, industry players felt.
This comes almost a year after Sun Pharma, the fourth-largest speciality generic pharmaceutical company in the world, had its business operations affected due to an information technology (IT) security breach.
Less than 10 per cent of people execute the daily practices of backing up the cybersecurity processes. The lack of this type of testing makes the company’s data vulnerable to data loss, said Kaushik Pandya, Advisor, Federation of All India IT Association and Co-founder of Kalp System.
This highlights the need for a framework for pharma companies to follow against cybercrime, he added.
For now, Indian pharma companies only have the DPDP Act (Digital Personal Data Protection Act, 2023) as the major cybersecurity standard. The top pharma companies in India operate globally, which has helped them to adapt their systems according to a global standard. So, if any standard solution is being made in India, it has to satisfy the data protection laws of Europe and the US, said Sreeji Gopinath, Director at SKG Advisory and Ex-CIO at Lupin, regarding the implementation of the latest DPDP Act in the pharma sector at a panel discussion about Enhancing Current Cybersecurity: Securing the Digital Future.
The Indian pharma companies are better off in terms of facing cyber-attacks now compared to a few years ago. However, the panel discussion highlighted that there is also a need for companies to have cyber audits or cybersecurity posture analysis to help the company understand and update their defences regularly, said Pandya.