Addressing Data Security Gaps in Drug Manufacturing: Insights from Nigeria

The pharmaceutical industry’s growing reliance on data-driven initiatives intensifies the risk of breaches involving proprietary formulations and patient information. Despite guidance from WHO and PIC/S, data security in pharmaceutical manufacturing, particularly in Nigeria, remains inadequate. This study examines data security gaps in both regulatory guidelines and operational practices within Nigeria’s pharmaceutical sector. Previous research has focused on personal data protection, often overlooking business-critical data and the alignment between standards and practice in developing economies. To address this gap, a qualitative multiple-case study was conducted with 31 IT and cybersecurity professionals from five Nigerian pharmaceutical firms seeking WHO cGMP prequalification. Semi-structured interviews and a document analysis of three international guidelines enabled triangulation of regulatory and operational insights. Thematic and content analyses revealed recurring issues such as poor data classification, weak encryption, insufficient data recovery tests, and inadequate audit trails, factors that increase vulnerability to breaches and compromise data integrity. In response, the study proposes the PhIDS Model, a contextual data security model tailored to pharmaceutical manufacturing in low- and middle-income countries. This model contributes to global discourse on pharmaceutical data governance by highlighting the need for harmonized yet adaptable standards. It also emphasizes the importance of aligning local operational realities with regulatory expectations. Future research should explore the PhIDS Model’s integration with technologies such as AI and industrial IoT to enhance data resilience in the sector.