Top Risks Facing Life Sciences Organizations

November 28, 2023 17 mins

Top Risks Facing Life Sciences Organizations

Top Risks Facing Life Sciences Organizations

Life Sciences industry respondents to our Global Risk Management Survey (GRMS) ranked supply chain or distribution failure and cyber attack or data breach as their two most critical risks.

Many life sciences organizations are in a period of transformation as they seek to unlock their next wave of innovation and growth. At the same time, they also have to dedicate substantial resources to quantifying and mitigating a wide variety of risks. Organizations in this sector must understand and respond to changing patient needs and new scientific developments while simultaneously navigating a volatile business environment marked by geopolitical upheaval, extreme climate events and ongoing manufacturing disruptions. High turnover rates — among workers moving to other life sciences companies or into tech and other, less regulated industries — also plague the industry. 

The current business environment amplifies all of the industry’s top risks. Geopolitical volatility may drive cyber risks, while demographic shifts in the workforce and accelerated innovation in the industry drive the need to add specialized talent, which is in increasingly high demand. On top of this, governments’ efforts to manage spiraling healthcare costs can further complicate the business landscape. Further, the concerns surrounding supply chain disruptions and business interruption risks that were laid bare during the pandemic have continued, despite heightened attention and additional efforts to address their root causes.

Survey participants from the life sciences industry anticipate the need for innovative treatments to fuel growth, with 99 percent of respondents agreeing this represents a growth opportunity as well as a shift in their risk profile. Meanwhile, 57 percent characterized it as a significant growth opportunity. Most life sciences respondents also view new business models, emerging market growth and digitalization (93 percent, 91 percent and 93 percent, respectively) as significant growth opportunities for the industry. Most respondents even displayed optimism that economic conditions present opportunities for growth, with only 22 percent dissenting from this view.

Current Risks

Life sciences respondents’ top 10 current risk rankings reflect significant shifts compared to our last survey in 2021. Business interruption ranked number one in 2021, a year marked by massive disruption and volatility amid the COVID-19 pandemic, but has fallen to number three in 2023. Its continued presence in the top five risks reflects accelerated supply chain risks. Supply chain or distribution failure jumped from number six to number one, indicating that strategic planning of complex and heavily regulated supply chains is a top priority. The life sciences industry is characterized by a high level of use of external partners — such as contract research organizations and contract development and manufacturing organizations, as well as raw-materials suppliers, packaging and labeling and distributors — which requires organizations to adopt responsible supply chain practices and develop robust risk management processes.

Top 10 Current Risks
  1. Supply Chain or Distribution Failure
  2. Cyber Attack or Data Breach
  3. Business Interruption
  4. Regulatory or Legislative Changes
  5. Failure to Attract or Retain Top Talent
  6. Damage to Brand or Reputation
  7. Product Liability or Recall
  8. Failure to Innovate or Meet Customer Needs
  9. Cash Flow or Liquidity Risk
  10. Capital Availability

Recent events have directly affected global trade; therefore, it is no surprise that the highest-ranked risk is supply chain or distribution failure. In an increasingly volatile world driven by factors such as natural disasters and weather, geopolitical risks, cyber attacks, scarcity of raw materials, coupled with a wide range of economic issues, life sciences organizations are facing numerous challenges that could directly affect their ability to deliver their products to patients. The long list above highlights the interconnectivity of the top 10 risks and the need for supply chain risk management. This should include a regular review of critical suppliers and comprehensive business continuity planning, and we observe that leading life sciences companies address their supply risks by focusing on vendor management via the implementation of data-driven, agile supply chains.

Several new risks broke into the top 10 in 2023, including failure to attract or retain top talent at number five. Many companies report critical shortages and difficulty filling open positions, especially for digital professionals in artificial intelligence (AI), machine learning and data science, at a time when emerging business models are highly dependent on these skills. 

Rounding out the list of new risks are cash flow or liquidity risk at number nine and capital availability at number 10. Cash flow and liquidity and access to capital are directly affected by the challenging economic environment, marked by downturns, persistent high inflation and interest rates and tightened credit markets. 

Cyber attack or data breach maintained its position as the second-highest risk for the life sciences sector. Organizations in the industry are likely to lose $642 billion globally to direct cyber attacks from 2023 to 2027, according to a recent report. Digital technologies including data and analytics, the Internet of Things, wearable devices and AI create significant growth opportunities but also exacerbate cyber risk. Even remote working increases data security and cyber risks, and global supply chains expand the threat footprint.

Regulatory or legislative changes, ranked number four, count among the biggest risks life sciences respondents faced in 2023. For example, the Inflation Reduction Act includes provisions to reduce drug prices, which could force life sciences companies to rethink their commercial models or even reprioritize their pipelines. At the same time, the EU submitted proposals for new pharmacy legislation in April 2023. This reform aims at enhancing innovation and ensuring timely and equitable access to medicine. More stringent regulations to ensure the safety and quality of drugs, devices and therapies are always on the agenda and will keep organizations operating in this industry on their toes, most recently in relation to cyber security and supply chain resilience, which underlines the interconnectivity of risks. 

Underrated Risks

Failure to innovate or meet customer needs was ranked eighth among current risks by life sciences respondents, while merger, acquisition or restructuring failed to make the top 10, despite the patent cliff for certain blockbuster drugs. As crucial patents expire, companies must explore ways to replace lost revenue streams, spurring increasing consolidation in the pharmaceutical industry. As companies strive to replace those best-selling drugs that have expiring patents, they seek to acquire or develop potential market-leading products. The potential loss of revenue and reputation that could arise in such situations elevates the importance of these risks. Furthermore, some companies may be underestimating the risk of transitioning resources, talent and infrastructure to support transformation strategies such as shifting focus to new therapeutic areas. 

Similarly, environmental, social and governance (ESG) policies and corporate social responsibility are not explicitly referred to in the top 10 risks, despite the increasing emphasis on sustainability and ethical practices. ESG considerations encompass various risks, including regulatory compliance, supply chain disruptions, reputational damage and shifting consumer preferences, and therefore are likely to be implicitly included in the risk rating. Monitoring these risks on a regular basis allows life sciences companies to mitigate any significant financial, operational and reputational hazards. 

Especially for certain life sciences organizations — such as smaller biotech and pre-clinical businesses — we would have expected to see cash flow or liquidity risk (ranked ninth) and capital availability (number 10) placed higher, because it has become more difficult to attract new investors to finance innovative drug development. The requirements for pre-clinical organizations to attract new capital have increased significantly. 

Losses and preparedness

A third of Life Sciences respondents suffered a loss due to the risks in the top ten, while nearly two thirds have plans in place to respond to them.

  • 33%

    average percentage of respondents who indicated risks in the top ten contributed to a loss for their organization in the 12 months prior to the survey.

    Source: Aon's 2023 Global Risk Management Survey

  • 62%

    average percentage of respondents who stated their organizations have set up a plan to respond to risks in the top ten.

    Source: Aon's 2023 Global Risk Management Survey

Future Risks

As digital transformations and automation proceed at pace and geopolitical volatility continues, respondents anticipate that cyber attack or data breach will remain a top risk in the future. Furthermore, life sciences respondents expect talent gaps to intensify, ranking failure to attract or retain top talent at number two among their future risks. Meanwhile, regulatory or legislative changes are predicted to remain a key issue, rising to number three in the future, reflecting respondents’ concerns related to government efforts to manage rising healthcare costs.

Top 10 Future Risks
  1. Cyber Attack or Data Breach
  2. Failure to Attract or Retain Top Talent
  3. Regulatory or Legislative Changes
  4. Supply Chain or Distribution Failure
  5. Business Interruption
  6. Failure to Implement or Communicate Strategy
  7. Failure to Innovate or Meet Customer Needs
  8. Commodity Price Risk or Scarcity of Materials
  9. Cash Flow or Liquidity Risk
  10. Merger, Acquisition or Restructuring

At the same time, supply chain or distribution failure, which ranked number one in 2023, drops to life sciences respondents’ number four risk in the future, while business interruption drops from third to fifth. This potentially reflects the additional efforts companies are taking to mitigate supply chain risk, such as by shortening the chains, increasing transparency and using customer data to inform strategies.

Life sciences organizations added three new risks to their future risk list. Two are linked directly to corporate strategy: failure to implement or communicate strategy (sixth) and merger, acquisition or restructuring (number 10). The escalation of these risks likely accompanies strategy shifts in response to the looming patent cliff and a flood of approved versions of original “innovator” products into the market once the original product’s patent expires. Many life sciences companies are likely to pursue mergers and acquisitions or divestments to support their future strategy. 

The third risk added to the future top 10 is commodity price risk or scarcity of materials. This heightened risk is likely driven by the uncertain geopolitical environment and the life sciences industry’s heavy dependence on China and India for certain supplies. This risk ranking may be slightly overstated; the risk level may fall well within the risk appetite of many life sciences organizations. Finally, two current top 10 risks — damage to brand or reputation and product liability or recall — fall out of the top 10 in the future, perhaps because, although they remain critical, life sciences’ list of key risks exceeds 10. 


Despite being ranked the industry's most critical risk, only 10 percent of life sciences industry respondents stated they had quantified their supply chain exposure.

Source: Aon's 2023 Global Risk Management Survey

How Can Life Science Organizations Mitigate These Risks Effectively?

At an enterprise level, life sciences firms should ensure they have the capabilities in place to assess different types of risks and quantify their potential losses. They should also determine their appetite for risk, making informed decisions on whether and how to transfer risks. Quantifying exposure is especially important when inflation is affecting asset valuations. Otherwise, organizations might find themselves without appropriate levels of insurance coverage in the event of a loss.

To mitigate risks associated with supply chain or distribution failure and business interruption, life sciences companies should monitor and comply with all regulatory requirements aimed at boosting supply chain resilience (including with third-party suppliers). Performing regular reviews and ensuring adequate risk management measures are in place are important in building lasting resilience. 

With cyber attack or data breach a key risk for the industry, life sciences organizations should shore up their cyber resilience with a strategy that includes assessment, mitigation, risk transfer and recovery. Organizations need data and assessments to understand how their cyber protections and risks affect their financial exposures. Once vulnerabilities are assessed, a whole-organization approach to mitigation can help optimize returns on investments in security enhancements. When mitigating cyber attack or data breach risk, it is effective to work across functions — with risk and information security teams, among others — to monitor and assess cyber risk exposure and align on risk management measures. This will involve breaking down silos to ensure that decisions about strategies and investments in information security and cyber insurance spending are made based on a common understanding of the risk. 

To help mitigate risks associated with failure to attract or retain top talent, business leaders should focus on assessing their current talent and skills to identify gaps. Investing in a job architecture system to improve employee engagement and performance will encourage employees to take responsibility for their own careers and provide a clear path to advancement. Updated hiring processes, training, benefits packages and compensation benchmarking (where possible) will further create efficiencies and enhance their value proposition to employees. These actions could help to differentiate organizations from their competitors (in life sciences and other adjacent industries) and lead to attracting, retaining and motivating talent. 

Finally, it is important that, for continued operational success, life sciences organizations assess the ways geopolitical dynamics and the changing regulatory landscape may put revenue at risk in the short and long term. Reputational considerations such as shareholders’ perspectives also fall into these risk assessments and can inform organizations’ risk management strategy. 

General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent, or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss caused by reliance on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

Contact Us

Let’s Connect

Talk to Our Team

Contact our team today to learn more about how we can help your business.