Cybersecurity in the pharmaceutical sector: IBSA’s strategy between open innovation and global coordination

The digitalisation of processes has undoubtedly multiplied opportunities for the pharmaceutical sector – but it has also increased exposure to risks and vulnerabilities affecting systems, data and critical infrastructures.

As IT experts often remind us, the question is not if an attack will happen, but when – emphasising that risk is no longer a theoretical possibility, but a tangible reality that must be managed with awareness and proactivity.

For this reason, companies must define strategies and implement robust protocols before attacks occur, since only consistent and coordinated planning can ensure an effective response to unexpected events.

We discussed these challenges with Davide Meloni, Information Security Manager, who coordinates the IBSA Group’s cybersecurity strategy.

THE CHALLENGES OF THE SECTOR AND THE ROLE OF PEOPLE

In the pharmaceutical industry, cybersecurity presents unique challenges: data protection involves not only the digital sphere, but also the continuity of production activities – where cutting-edge technologies coexist with systems designed decades ago.

“Production machinery has an average lifespan of around twenty years, and IT systems are often no longer upgradable, exposing them to significant risks. From a technological standpoint, we are working with infrastructures conceived in another era”, explained Meloni. “That’s why it’s crucial to constantly monitor network traffic and abnormal machine behaviour, so that potential threats can be intercepted promptly”.

However, technology alone is not enough: the human factor often remains the weakest link. Cybersecurity, in fact, starts with people. Risk awareness and the ability to recognise suspicious activities must become an integral part of corporate culture – as essential as technical expertise itself. This is where training plays a central role: only informed, up-to-date, and engaged individuals can turn from potential vulnerabilities into the first line of defence, significantly contributing to the organisation’s overall security.

“The goal”, continued Meloni, “is to maintain high levels of awareness and make everyone conscious of their role in safeguarding corporate data and processes. IBSA has therefore developed a structured training and awareness plan for all its subsidiaries, including role-specific courses, periodic assessments and regular meetings”. 

THE PARTNERSHIP WITH ERMES: FROM PROBLEM TO CO-CREATION

Alongside internal investments, IBSA has also chosen to open up to external collaborations. This is the case with its partnership with Ermes Browser Security, a company founded in 2018 as a spin-off from the Polytechnic University of Turin and now an Italian scale-up specialising in corporate web-browsing protection using Artificial Intelligence solutions. The company has been recognised by Gartner⁽¹⁾ as one of the world’s leading browser security vendors. 

The collaboration between Ermes and IBSA began in 2022 as a traditional client-supplier relationship: IBSA was seeking a solution to strengthen the security of its employees’ online browsing. However, a more complex challenge soon emerged – advanced phishing, which can bypass conventional protection systems using sophisticated techniques such as cloaking⁽²⁾. At the time, none of the available solutions had proved truly effective against this type of threat.

This critical issue led to a transformation of the relationship into a genuine co-development project. IBSA provided test environments and real devices, while Ermes invested in researching a new anti-phishing component. The result was the development of software capable of identifying deceptive domains in real time, even when they change identities or conceal themselves behind sophisticated mechanisms.

Thanks to this joint effort, IBSA now benefits from a concrete and innovative protection system. A win-win model that confirms the value of open innovation, even in complex sectors such as pharmaceuticals. “It’s not always possible to solve everything internally”, noted Meloni. “Collaboration with dynamic, specialised companies allows us to accelerate our responses and create tailor-made solutions”.

Alessandro Vetrano, Enterprise Lead & Board Member at Ermes, added: “Innovation is made by people: it takes courage to experiment and to place trust in innovative, specialised partners. IBSA has shown an open and pragmatic mindset, choosing to collaborate with companies like Ermes – agile and flexible in tackling specific challenges. True progress comes from this kind of synergy”.

From the misuse of artificial intelligence to targeted attacks on industrial systems, the exposure surface for threats continues to expand and risk areas are evolving rapidly. The partnership with Ermes has enabled IBSA to close a significant security gap and further strengthen its culture of innovation – all within a solid and clearly defined cybersecurity strategy that integrates advanced technologies, staff training, and predicting capabilities with ever-increasing efficiency.

⁽¹⁾Gartner is a leading global research, consulting, and strategic advisory company for IT and management.

⁽²⁾A computer technique that allows search engines to display content that is different from what the website actually offers to users.