Almost two thirds of pharma companies have suffered serious data breaches while a quarter have been hacked, says a new survey.



The poll by Crown Records Management reveals that drugmakers are facing persistent criminal attacks not only on their physical assets but also their digital data.



"Data breaches are already big news following a cyber-attack on Carphone Warehouse which put the personal information of up to 2.4m customers at risk," notes Crown.



Meanwhile, the Ashley Madison infidelity dating website has made front page headlines following the theft and publication of data identifying its subscribers.



According to the survey of 407 senior IT figures in pharma companies12 per cent of firms have been attacked between seven and nine times, and 8 per cent on between 13 and 15 occasions.



Experts recommend a number of measures to help protect data, including limiting the number of locations where it is stored.



"These survey results should be a wake-up call for UK businesses, and especially those in the pharmaceutical sector, because the importance of protecting customer data is higher than ever," commented Ann Sellar, business development manager at Crown.



Those attacked face potential fines for data breaches - which will soon increase when the EU General Data Protection Regulation is ratified - but also loss of reputation. Around 80 per cent of data breaches stemmed from human error.



"It takes on average 20 years to build a reputation but just five minutes to ruin it with a data breach and then up to two years to rebuild it," said Sellar.



"So businesses need to look at the way they protect their information, understand where the threats are and start putting robust processes in place to protect their customers."



In June, the US Department of Homeland Security warned drugmakers that data breaches resulting from direct attacks on pharma companies, as well as their trading partners, is putting them at risk of downtime, lost revenue and share price manipulation, and the exposure of confidential patient data.



And in February, Chinese hackers accessed the records of around 80m patients after stealing data from US insurance company Anthem Inc, while last year security firm FireEye revealed that pharma companies had been targeted by the FIN4 hacking group, reportedly seeking information for insider trading.