Industry Brief

Pharmaceuticals/Life Sciences: 2023 Sensitive Content Communications Privacy and Compliance

Industry Findings and Takeaways


Communication Tools in Use








Less than 4

Average Annual Budget for Communication Tools




$350,000 – $499,999


$250,000 – $349,999


$150,000 – $249,999

Number of Third Parties With Which They Exchange Sensitive Content




2,500 – 4,999


1,000 – 2,499


499 – 999

Attack Vector Weighted Score (based on ranking)




Password/Credential Attacks


DNS Tunneling


URL Manipulation


Denial of Service




Zero-day Exploits and Attacks


Malware (ransomware, trojans, etc.)


SQL Injection


Man in the Middle


Session Hijacking


Cross-site Scripting


Insider Threats

Exploits of Sensitive Content Communications in Past Year




7 – 9


4 – 6


Fewer than 3

Level of Satisfaction With 3rd-party Communication Risk Management


Requires a New Approach


Significant Improvement Needed


Some Improvement Needed


Minor Improvement Needed

Schedule a Demo

Cyber Risk in the Pharmaceutical and Life Sciences Sector

With patient information, patented drugs, clinical trials, research projects, and technological advancements stored within their systems, the pharmaceutical and life sciences industry faces significant cyber risks. The rapid pace of technological advancements, increased reliance on automation tools, and engagement with third-party vendors further compound these challenges. It is noteworthy that the average cost of a breach in the pharmaceutical sector is approximately $5.3 million, which is 1.3 times higher than the average across other industries.1 Sensitive file and email data communications in pharmaceutical and life sciences are a prime target for rogue nation-states and cybercriminals. It includes personally identifiable information (PII), intellectual property (IP), financial documents, clinical trial data, genomic data, and more.

Inefficiencies and Risks With Numerous Communication Tools

Respondents in Kiteworks’ 2023 Sensitive Content Communications Privacy and Compliance Report revealed that they utilize various communication channels to exchange sensitive content. 28.5% of them used more than 7 communication tools while only 10% used 10 or fewer. 28.5% of respondents indicated their organizations spent more than $500,000 on these tools, the highest of any industry.

Over 90% of pharmaceutical and life sciences firms exchange sensitive content with third parties on a regular basis.

Ranking Third-party Content Communications Risk

The management of third-party risk is a crucial aspect for pharmaceutical companies, as they regularly share critical information externally through a variety of communication channels. These channels enable the exchange of vital data with partners, vendors, research organizations, and other stakeholders. This process introduces a level of vulnerability, where sensitive information is exposed to potential risks beyond the company’s direct control.

Email is ranked with the highest risk by survey respondents, receiving a total of 40% of combined #1 and #2 rankings. Web forms comes up second with 28% of respondents listing it as their #1 or #2 rankings. Like most other industry sectors in the report, pharmaceutical and life sciences companies revealed they need either a completely new approach or significant improvement in their sensitive content communication risk management (44%).

Implementation of digital rights management to limit access to and usage of sensitive content is tied as the number one priority for content sharing and collaboration.

Better Digital Risk Management Required

When asked to rank their top priorities regarding sensitive third-party content communications, respondents highlighted key areas of focus. The highest number of top rankings, at 18.5%, was given to tracking content permissions, expiration, locking, and versioning. This signifies the importance placed on effectively managing and controlling access to sensitive content throughout its life cycle. Following closely, at 15.7%, was automating the protection of content at rest from malicious threats. This underscores the need to implement robust security measures, including encryption, to safeguard sensitive information when it is received and stored. In third place, at 14.3%, is protection of content in motion from malicious threats.

Given the extensive reliance on third parties for crucial activities, such as R&D, clinical research, warehousing, logistics, and freight forwarding, the supply chain becomes a potential source of risk. Specifically, the absence of governance controls for confidential data can expose sensitive content communications to malicious actors. Here, only 31.5% of respondents have administrative policies for tracking and controlling sensitive content collaboration and communications on-premises and across the cloud.

Kiteworks and Pharmaceuticals and Life Sciences

Pharmaceutical and life sciences companies often collaborate on drug discovery projects, which require the sharing of sensitive information such as chemical structures, biological data, and experimental results. Kiteworks enables the safe sharing and collaboration of this information, ensuring the protection of IP and compliance with data privacy regulations. Kiteworks’ encryption, access controls, and audit logging capabilities help maintain the security and integrity of drug discovery project data during the collaboration process. Kiteworks facilitates the safe sharing of this sensitive information, ensuring the protection of patient privacy and compliance with data privacy regulations, such as HIPAA and GDPR.

Another significant use case for Kiteworks in pharmaceutical and life sciences firms is in the distribution of product labeling and packaging materials. Pharmaceutical and life sciences companies often need to distribute these materials to internal teams, external partners, or regulatory agencies. Kiteworks facilitates the safe distribution of these materials, ensuring the protection of intellectual property and compliance with industry regulations. These companies often need to share sensitive protected health information (PHI), such as medical records, genomic data, or clinical trial participant information, with internal teams or external partners. Kiteworks enables the safe sharing of this sensitive information, ensuring compliance with data privacy regulations such as HIPAA and GDPR.

1 “Cost of a Data Breach Report 2022,” IBM and Ponemon Institute, July 2022.


Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.


Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Get A Demo