The MHRA have been issuing majors to pharmaceutical wholesalers for several years if they do not have a backup procedure and there is no evidence of it being tested. Loss of data may result in a critical finding if it cannot be produced during an inspection.
Why do they do this? Firstly it is to help you get your act together and to mitigate the risk of data loss which is expensive, time consuming to fix, and may paralyses your company. Barts and the London NHS Trust was crippled for over two weeks after Wannacry.
All too often I hear IT managers saying , they have not enough budget or it is not the system it is the users. Passwords are shared, back-ups are interrupted , patches are put off and peoples access privileges are not tightly managed. It is time to audit at what is happening in your company and take appropriate actions and seek specialist help if required.
One mitigating step against Cyberattacks