PharmaCo (Spanish version)

Description

PharmaCo was a large, multinational, integrated pharmaceutical company. Its board of directors was meeting to discuss a possible friendly merger with a complementary competitor and to review a quarterly cybersecurity report. However, before either of these discussions could begin, PharmaCo’s chief financial officer interrupted with news that the company’s customer database had been encrypted by hackers in a ransomware attack and a ransom of $25,000 in Bitcoin had been demanded. Unfortunately, this was the first in a series of cyber attacks affecting the organization. The board of directors must increasingly deal with a number of issues brought by management and make some critical decisions in overseeing this crisis.

Learning Objective

This case, presented from the perspective of the board of directors, is a five-part, tabletop simulation of a cyber incident and breach affecting a medium-sized, global, integrated pharmaceutical company. Intended primarily for a senior audience either in advanced degree programs or in executive education programs aimed at senior leaders or board directors, the case includes a main case note that provides background on the company and the current competitive context plus five “injects,” or complications, that accrue from the original situation. Discussion of the case is meant to be a highly interactive, role-playing simulation. The ultimate goals for participants are the following: ·Understand the sources, nature, and extent of cyber threats facing organizations. ·Understand the nature of standalone cyber attacks and the progressive nature of targeted cyber campaigns. ·Understand the role of the board of directors regarding the oversight of cybersecurity in organizations. ·Develop the knowledge and skills necessary to effectively oversee cyber-resilience in organizations, including cybersecurity audits, cyber insurance, and monitoring and testing.