Kopenhagen Konsulting was called in by a global pharmaceutical company to create a fresh information security strategy and governance model. This move was sparked by a major IT reorganization, with the goal of boosting security efforts across the whole organization—not just within IT—and aligning them with the shifting threat landscape and evolving business needs.

Working closely with internal experts and business leaders, we rolled out a four-step plan. We kicked things off by redefining the core purpose of information security, conducting a deep dive with over 40 structured interviews to gather insights. Then, we evaluated the current state of security in the company, pinpointing key challenges. From there, we crafted a strategic direction, breaking it down into clear, actionable goals with short-, medium-, and long-term steps mapped out in a detailed roadmap. Lastly, we revamped the governance model, ensuring it provided a solid foundation for security management across the company, supported by a newly signed Information Security Charter.

The executive team gave a thumbs up to the strategic direction, and the revised governance model was put into action to drive the plan forward. Key results include:

• A clearly defined mission for information security, rooted in business priorities.
• Enhanced understanding of security risks across the board.
• A shift in perspective, seeing security as a business priority rather than just an IT issue.
• A practical execution plan with measurable short-, medium-, and long-term goals.
• Strengthened governance with well-defined roles and mandates.