The situation: Security incidents and threats from third parties, combined with a limited and inconsistent IT architecture: Growing security concerns forced our client, a pharmaceutical company, to rebuild its security functions from scratch. The company, which had reached critical relevance, must holistically secure its high-quality intellectual property and extremely sensitive data. Security deficits can cause considerable damage in the pharmaceutical field in particular and often result in loss of image, legal consequences or severe fines.
The request: With an end-to-end security transformation, we aimed to help the client to optimally protect their value chain and personnel against attacks from ransomware or zero-day attacks, for example.
Our approach
In cooperation with our entire Risk & Regulatory team, we developed a holistic security transformation that impressed the client with a combined risk treatment methodology. This included Global Security and Protection, Site Services, Business Continuity Management and Cyber & Information Security. This transformation journey consisted of three phases with objectives that built on each other. Firstly, our experts defined the security strategy by identifying the client’s global business goals, assessing threats, and prioritising the client requirements. They also defined the scope and mandate. The experts then derived the target operating model. To do this, they simplified security processes, established a global governance structure and team composition, harmonised technology stacks, and integrated IT, OT, cloud, and physical security. Finally, we supported the client by defining the future capacities of global teams across the implemented security solutions and helped with program control and risk management.
As a consulting company, we contributed to the development, design and implementation of a comprehensive security strategy throughout the entire transformation process of the Group.
“We align our entire work on a company's most significant threats and risks. To achieve this, we leverage a global team of over 4,000 cyber risk and compliance experts. This enables us to focus on the most critical and pressing issues and provide our clients with end-to-end support, from strategy to technical implementation, all in one place.”
Manuel Seiferth, Partner Cyber Security & Privacy, PwC GermanyDo you have further questions?
Contact our experts
The added value
Our team has combined expertise in the fields of pharmaceuticals and security to create a future-proof security architecture for the client. During this process, we took particular care to take into account the current expansion plans of the pharmaceutical company and to enable long-term scalability. This included establishing a strong central security structure so that the company and the research and development department in particular can concentrate on their core tasks.
By managing the risk landscape and achieving consistent compliance and risk levels across the organisation, we were able to ensure the protection of critical assets and data through an integrated security architecture and a dedicated governance framework. We also developed measures to protect staff, sites and products and to create improved security intelligence to prevent potential threats. Via dedicated reporting to the top management, we were ultimately able to contribute to decision-making – the basis for transparent cooperation based on trust.
“Our comprehensive end-to-end security transformation provides a lean and integrated approach to global security and protection. Our support enables the client to concentrate fully on their core activities.”
Manuel Seiferth, Partner Cyber Security & Privacy, PwC Germany
Contact us
Partner, Cyber Security & Privacy Strategy, Risk and Compliance, PwC Germany
Tel: +49 160 536-3800
