The UK pharmaceutical sector has become a prime target for cyber attackers, driven by the value of intellectual property, clinical trial data, and critical supply chains. As the industry becomes more digital, security leaders are increasingly responsible not only for protecting data, but also for enabling business continuity, regulatory compliance, and global innovation. This list highlights some of the most influential cybersecurity leaders connected to UK pharma, whether they currently hold the CISO title or lead security in adjacent roles.
From global pharma giants to specialised biotech and health-tech companies, these leaders have built reputations for transforming security programmes, building risk-based strategies, and strengthening resilience in highly regulated environments. They represent the evolving role of the modern security executive: not just defenders, but strategic partners in enabling the next generation of healthcare innovation.
Craig McEwen — Global CISO, Dechra Pharmaceuticals
Craig McEwen is a professional and motivated leader with extensive experience in defence, managing large budgets, and overseeing complex projects across air, land and sea environments. He transitioned into the pharmaceutical sector and now serves as Global CISO at Dechra, where he leads cybersecurity strategy across the organisation. His background in high-pressure environments and large-scale programme delivery makes him a strong example of the security leadership needed in modern pharma.
Michael Elmore — SVP & Global Chief Information Security Officer, GSK
Michael Elmore serves as SVP and Global CISO at GSK, where he oversees cybersecurity strategy for one of the UK’s largest pharmaceutical companies. Previously, he led the Cyber Security Office for Haleon and has also held senior leadership roles at Cisco and Cigna Healthcare. Elmore’s career is defined by large-scale transformation, risk-based governance, and future-focused security planning, especially in highly regulated industries.
Andy Hodgson — Former Global CISO, Mundipharma (now Managing Director, Secure Information Assured)
Andy Hodgson is a seasoned CISO with 35 years of experience in security and resilience, including roles at Mundipharma and QinetiQ. While he now runs his own consultancy, his leadership legacy in pharmaceutical security remains significant. He is known for transforming security strategies into practical action and advising boards on managing digital risk, skills that are essential in pharma, where cyber threats intersect with patient safety and regulatory compliance.
Stuart Wilson — Senior OT Security Architect, AstraZeneca (and CISO-level consultant)
Stuart Wilson is a senior cybersecurity leader and governance specialist with over 25 years of experience in regulated environments. He has worked on major programmes, including a pioneering IIoT cybersecurity strategy for GSK, and he currently serves as Senior OT Security Architect at AstraZeneca. While not always titled “CISO,” his influence on OT security and governance at leading UK pharma organisations makes him a key security leader to watch.
Trevor Rees — Head of Global Security, AstraZeneca
Trevor Rees leads global security at AstraZeneca, focusing on protecting people, facilities, and operations in a highly complex global environment. While his role is not specifically “CISO,” his leadership in corporate security is critical for pharma, where physical and cyber threats increasingly overlap. Rees is a strong example of how modern security leadership extends beyond IT to cover enterprise-wide resilience.
Dave Southward — Information Security Officer, Walgreens Boots Alliance (Retail Pharmacy International)
Dave Southward leads information security for Walgreens Boots Alliance’s Retail Pharmacy International division, which includes major UK pharmacy operations. His role is central to securing patient data, retail systems, and supply chain processes across the region. Southward’s experience shows how security leadership in pharmacy retail can be just as vital as in drug manufacturing and R&D.
Dr. Kevin Jones — Global CISO, Bayer
Dr. Kevin Jones serves as Global CISO for Bayer, a major multinational with significant UK presence and operations. He brings broad experience across IT, industrial, and product security, and is a respected voice in the UK security community. While Bayer is not UK-headquartered, Jones’s influence on security strategy across the UK and Europe makes him a key leader for UK pharma watchers.
The Future of Pharma Security Depends on Strong Leadership
As the UK pharmaceutical sector continues to digitise and innovate, security leadership will remain one of its most critical assets. The leaders highlighted here represent the blend of technical expertise, business partnership, and risk-based strategy required to defend some of the most valuable and sensitive data in the world. Whether they hold the official title of CISO or operate in adjacent security leadership roles, their work sets the standard for protecting innovation, safeguarding patients, and enabling growth in the modern pharma landscape.