Updated at 6pm on 15 January 2024 to incorporate a joint statement from Alkem Laboratories and Check Point Software Technologies
Alkem Laboratories has reported a cyber security incident that resulted in a transfer of funds of around Rs52 crore from the company. The incident happened because the business email IDs of certain employees were compromised at one of the company's subsidiaries.
Alkem Laboratories says the amount involved "did not cross the quantitative thresholds of materiality as per the Company's policy on determination of materiality of events or information".
To investigate the incident, the company employed an external agency. It has already submitted its report to the board of directors. This disclosure raises concerns about the internal procedures of the company. It also raises concerns about its tie-up with Check Point, which provides cyber security solutions to the company.
As per Alkem, "the incident did not occur due to any fraudulent act on the part of any of the promoters, directors, key managerial personnel or any member of the senior management or any other employee of the Company or its subsidiary. Further, the Company has taken all necessary steps and filed necessary complaints with concerned governmental and regulatory authorities in this matter".
Although Alkem downplays the incident's significance, it highlights the cyber security landscape within India's pharmaceuticals sector. Given that these companies possess invaluable intellectual property and sensitive patient data, they become attractive targets for cybercriminals. The Alkem case serves as a cautionary tale, underscoring the imperative for robust cyber security measures and heightened vigilance within the industry.
Alkem Laboratories tied up with NASDAQ-listed cyber security solutions-provider Check Point Software Technologies Ltd in November 2023. It had integrated the security infrastructure with its solution to protect its 23 manufacturing facilities located across India and the US.
At that time, Bijender Mishra, global chief information security officer (CISO) of Alkem Laboratories, had said, "As the threat landscape continues to evolve, companies need to future-proof their security infrastructure. The new products have automated the entire procedure, which has helped us reduce the time and resources spent on combating phishing emails and pressing cyber threats."
On its website, Check Point mentioned that "Recognising that over 90% of cyberattacks on organisations originate from malicious emails, Alkem also deployed Check Point Harmony Email to protect their employees' inboxes. As a result, Alkem observed a significant reduction in phishing emails—from 50 daily reports to zero".
Alkem has a market-capitalisation of nearly Rs60,000 crore and reported a net profit of Rs1,430 crore over the past four quarters.
Separately, Alkem Labs has appointed Nitin Agrawal as its chief financial officer (CFO) from 1 February 2024 after the retirement of Rajesh Dubey. Mr Agrawal has around 19 years of experience in healthcare and FMCG.
UPDATE:
In a joint statement, Mr Mishra, global CISO of Alkem Labs and Check Point Software Technologies, stated:
"Last year, Alkem Labs encountered a cyber breach involving fraudulent email IDs of select employees at one of its subsidiaries. This foreign subsidiary was operating independently outside the corporate systems, which at the time was not leveraging Check Point's security solutions.
As a responsible corporate entity, Alkem Labs fully disclosed this minor breach to the Securities and Exchange Board of India -SEBI. Following this breach, Alkem Labs quickly resumed normal business operations with minimal impact on the entire organisation.
Taking proactive measures to bolster their cybersecurity after this fraudulent breach, Check Point Software Technologies was engaged quickly to extend the same fortified security infrastructure present in the Alkem Labs corporate structure across to the entire Alkem Labs subsidiaries, both domestic and internationally, particularly focusing on networks and emails."