In brief

In brief

  • Accenture Security conducted a State of Cyber Resilience survey featuring 4,600 executives, 200 of which were in the Life Sciences industry.
  • 98 percent of respondents were the sole or key decision-makers in cybersecurity strategy and spending for their organization.
  • Eleven different countries participated—Australia, Brazil, Canada, France, Germany, Ireland, Japan, Netherlands, Norway, UK, US.

Security health

Increasingly, the success of life sciences companies is about their focus on delivering value through better patient outcomes. But while this shift creates infinite new possibilities to reinvent the patient experience and redefine the future of healthcare, it also exposes life sciences organizations to new security risks.

As fast as life sciences organizations shore up their defenses, new cyberattacks are evolving—with the potential to severely disrupt existing research and development, sales and manufacturing operations.

With dozens of companies hit by ransomware in recent years, and the average cost of cybercrime for an organization increasing 11 percent in 2018 over 2017, life sciences organizations have yet to achieve cyber resilience.

Accenture conducted security research to understand how organizations, including those in the life sciences industry, can achieve cyber resilience. Here is what we found:

8 in 10

Life sciences executives are confident about their cybersecurity capabilities; yet out of 33 cybersecurity capabilities, life sciences is high-performing in just 21.


of life sciences executives said that “cyberattacks are a bit of a black box, we do not quite know how or when they will affect our organization.”


of life sciences executives agree that, to be truly resilient, organizations must rethink their approach to security in a way that defends not just themselves, but their ecosystems.

As key life sciences players have shown, cybersecurity is a priority—and the time to act is now.

Security is not a one-time event

Security breaches can affect life sciences organizations' profits, sales and even reputation—whether incurring data loss that results in regulatory fines, halting production or negatively impacting brand or trust.

As the rate of M&A activity continues to rise in the industry, each announcement brings with it a new security complication. For an industry wedded to its legacy systems, defending them is expensive.

Being able to prepare and recover effectively from security vulnerabilities is essential. Three areas are important for life sciences companies that want to achieve cyber resilience:

Drive business-enabled security

The CISO’s role is evolving. CISOs need to become the universal translator for cybersecurity—someone who is business-minded as well as tech-savvy.

Protect beyond your four walls

Life sciences CISOs need to build new capabilities and operating models—acting as a business partner enabling growth, rather than a cost center.

Be brilliant at—and evolve—the basics

CISOs must identify and harden high-value assets, prioritize legacy applications and transform incident response plan into crisis management plan.

View All

Security first

No matter the number of manufacturing facilities or whether a sound cybersecurity strategy has been embedded into a company’s culture, the risk of an attack to patient and product data is looming. While life sciences executives know that they can rely on regulation to help guide how they operate, it cannot ease the complexities from these new threats. As key life sciences players have shown, cybersecurity is a priority—and the time to act is now.

About the Authors

Vikram Desai

Managing Director – Accenture Security

Geoff Schmidt

Managing Director – Cloud First, Life Sciences

Cesar Villalta

Managing Director – Life Sciences Lead, Cybersecurity

Wayne Dennis

Global GCP Security Practice Lead


Gaining ground on the cyber attacker
Achieving data-centric security

Subscription Center
Stay in the know with our newsletter Stay in the know with our newsletter