A costly lesson to learn, but it sounds like Merck learned it. Fortune reports:
Cybersecurity has always been a priority, but got even more attention inside Merck after the company was stung by the NotPetya cyberattack in 2017, which reportedly damaged more than 30,000 of the company’s computers. It led to $1.4 billion in claims stemming from the attack; Merck only reached a settlement with insurers earlier this year.
[…]
Cybersecurity risks have led Merck to invest in companywide cyber training programs and zero trust security, a framework that assumes no user, device, or communication can be trusted and thus demands continuous verification.
Merck’s focus on prioritizing strong controls around cybersecurity is an important layer as the company embraces generative artificial intelligence.
Read more at Fortune.