Industry insights

Life sciences

As a knowledge industry, life sciences is steeped in cyber risk. These organizations must secure sensitive client and patient information, and third-party risk is paramount as global partnerships are essential for the supply chain and to complete clinical trials. Add remote working to this, and the situation is challenging.

How does the life sciences industry stack up?

2.4 (basic)

The average CyQu rating for life sciences organizations globally is 2.4/4 (basic).

What this means

This rating indicates that cyber security maturity is at a basic level. Organizational cyber security risk management practices and technologies are not formalized. Risk is managed in an ad hoc and sometimes reactive manner. Risk management practices and technologies are not established.

Explore the most pertinent cyber risks to life sciences organizations, map them to key cyber security controls, and determine actions your organization can take to close cyber security gaps.

Click below (+) to learn more

*Aon's Cyber Quotient Evaluation (CyQu) is a comprehensive cyber risk assessment that evaluates cyber risk across 9 security domains and 35 critical control areas.

Underpinned by proprietary data and expert insights, explore four key risk themes that are prominent to life sciences organizations today.

Read below to learn more

Navigate new exposures:

Rapid digital evolution

For most life sciences organizations, a worst-case scenario is an attacker in the Operational Technology (OT) environment. Yet only 36% of organizations report that they have regular penetration tests with both internal and external parties. Alarmingly, 17% do not do any form of penetration testing. Specialist penetration testers are needed to help identify critical vulnerabilities.

Know your partners:

Third-party risk

Only 13% of organizations have adequate ‘third-party due diligence’ assessments to prevent and detect third-party risks to confidential data, supply chain systems, and critical Operational Technology (OT) infrastructure. This exposes pharmacovigilance systems, distribution systems, and operational production processes to cyber attacks via third- party intrusion.

Concentrate on controls:


Industry password management is taken very seriously, with 87% of organizations adopting strong controls. However, only 17% deploy strong Multi-Factor Authentication (MFA) across their Information Technology (IT) networks. This means password compromise can still lead to sensitive data compromise, or initial intruder access.

Perfect the basics:


As expected, this topic is a more secure area for life sciences given the highly regulated environment. However, the industry still lacks maturity, and data classification is a challenge. This is concerning given the data-heavy nature of the industry and the need to protect valuable intellectual property (IP). 37% of organizations report not having an adequate approach to managing cyber security and privacy regulations.

Industry insights