Research Uncovers Ransomware Susceptibility for Pharmaceutical Manufacturing Supply Chain, with $31.1M at Risk

One in 10 Pharmaceutical Manufacturers are Highly Susceptible to Ransomware, According to Black Kite

BOSTON – May 18, 2021

New research in Black Kite’s 2021 Ransomware Risk Pulse: Pharmaceutical Manufacturing report reveals one in 10 global pharmaceutical manufacturers are at a high risk of suffering a ransomware attack. The report evaluates the cybersecurity posture of the 200 largest global pharmaceutical companies and 166 associated third-party vendors, uncovering the biggest threats facing the supply chain.

Using the patent-pending Ransomware Susceptibility Index® (RSI™), Black Kite researchers evaluated data from various open-source intelligence (OSINT) sources. Black Kite used data and machine learning to correlate 26 control items and provide a ransomware susceptibility score. Black Kite’s RSI scores range on a scale from 0.0 (less susceptible) to 1.0 (more susceptible).

Researchers found 9.5% of the top 200 global pharmaceutical manufacturers and 12.2% of pharmaceutical industry IT solutions providers registered an RSI™ above the critical threshold of 0.6. The RSI™ for more than 42% of pharmaceutical data management vendors exceeds 0.6.

“We have seen how ransomware attackers can shut down a gasoline pipeline in the past week. Imagine if a ransomware attack halted a manufactured COVID-19 vaccine hostage or stopped the production of vital chemotherapy drugs,” said Bob Maley, Black Kite’s Chief Security Officer. “Billions across the globe rely on pharmaceutical manufacturers. Ransomware attacks on 10% of the globe’s pharmaceutical companies could have an immense impact.”

The financial impacts of ransomware attacks go far beyond the ransom payments themselves, and include replacement costs, i.e., halting business operations, productivity losses, forensic costs, legal costs, and lost business as a result of eroded patient trust.

Black Kite researchers calculated the probable financial impact (risk) for each pharmaceutical company. First, researchers derived a “Loss Event Frequency,” which is the cyber event frequency a company is likely to have within a year. Upon multiplying the LEF value with the probable cost of a ransomware attack, Black Kite determined that the average annual cybersecurity financial risk for pharmaceutical companies tops $31 million.

About Black Kite

In 2016, Black Kite began its journey to redefine third-party risk management (TPRM), building the world’s first security ratings service designed from a hacker’s perspective. With 200+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem.

While other security ratings service (SRS) providers try to narrow the scope, Black Kite’s non-intrusive, powerful scans tell the full story. Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.


Danielle Lewan
Black Kite, Inc.
Email: [email protected]
Phone: (706) 474-5703