Assessing cyber risk in the US pharmaceutical industry.

Moody’s Investors Service released a report late last week on cyber risks in the pharmaceutical industry. The report says that overall, the cyber risk to the pharmaceutical sector is low.

Moderate exposure to systemic and digitization cyber risks.

The report details the pharmaceutical industry’s systemic risks, labeling them, taken in isolation, as moderate. The high-profile nature of the industry, alongside the potential impact on patients, hospitals, and pharmacies that could be caused by a disruption, causes the risk level to be moderate, rather than low. Digitization risks would receive the moderate label as well. Consumers often do not have direct relationships with pharmaceutical companies, but the data stored around the medicines and clinical trials leaves a big digital footprint.

Mitigations keep cyber risks low.

Cyber risk mitigations done by the industry as a whole, however, keep the overall risk low, despite the moderate severity of the systemic and digitization risks. Mitigation subcategories assessed include perimeter vulnerability, basic cyber practices and estimated cyber impact, which were all given a low risk rating.