I had an illuminating conversation recently with Mike Towers, Chief Information Security Officer at Takeda Pharmaceuticals International, one of the world’s largest pharmaceutical companies.

In his role at Takeda, Mike partners with business leadership to prioritize the protection of critical information and technology assets, continually balancing control and tolerance within the digital experience. He is accountable for the strategy, implementation and monitoring of the controls necessary to mitigate security risks and to assure the confidentiality, availability and integrity of Takeda’s data.

Mike and his team design and execute measures to identify and safeguard the information and data supporting Takeda’s patients, people, biopharmaceutical research, development, global supply chain and commercial businesses across 110 countries. He and his team also ensure that digital and technology systems are managed in accordance with compliance, quality, legal and regulatory requirements.

“Ten or 15 years ago, we had very little direct engagement with patients and physicians,” Mike explains. “But the digitization of our industry is changing all of that, and now it’s becoming important that patients trust their digital experiences with the company in the same way they trust the efficacy of the products they’re taking.”

For Takeda, that entails providing safe and secure digital experiences not just for the company’s workforce of 70,000 persons, but also for 20 million patients and 2 million physicians. That puts Mike and his team under intense pressure to deliver world-class cybersecurity at every possible touchpoint, all the time.

The scale and scope of the company’s digital transformation are genuinely impressive, and Mike has developed a close working relationship with the company’s executive board. While the number of times he meets with the board has doubled over the past year, the amount of time he spends presenting to them has tripled.

“When you shift your focus to providing trusted digital engagements with patients and physicians, you’re taking on more risk,” Mike says. Part of the CISO’s role is explaining those risks and putting them into perspective so company leadership can weigh the trade-offs and make sound business decisions.

Discussions about third-party risk have become more frequent as the pace of digital transformation continues to accelerate. “I challenge anyone to find a business process that does not involve a third party in some way, shape, or form,” Mike says. “Third-party risk is growing more acute, and it comes up every board meeting.”

I admire Mike’s candor and his ability to present complicated technical issues in ways that resonate with business leaders. “At the end of the day, one of the CISO’s primary responsibilities is educating people so they can make the best choices,” he says.