Connect with Us

Life Sciences

Amplified business decisions are the new norm thanks to rapid changes. From new market entrants and regulatory reform to expiring patents and the growing challenge of chronic diseases, leaders in the life sciences community must explore a new course to address the changing climate for health care – one driven by patients and focused on health outcomes but doing so by protecting their most valuable asset, their data.

Brier & Thorn’s Risk, Audit, and Compliance practice helps pharmaceuticals, biotech, and medical device clients manage the risk to their intellectual property and trade secrets so they can more easily and effectively develop future focused business strategies and implement the time critical programmes and procedures essential to success within worldwide regulatory frameworks.


Medical devices are becoming increasingly connected. Explore the growing attack surface of connected medical devices and what companies are doing to treat these risks.


Global biotechs redesign IT risk management strategies to address requirements for increased security controls around cancer research and drug trial data from a growing number of threat actors and nation states


Technology and people assets are an important enabler of business transformation. In the pharmaceutical and life sciences industry, new technologies enable greater understanding of disease, reduce costs in R&D, manufacturing, and the supply chain. But they can also introduce significant risk in a climate with a growing number of threats that include nation states vying to steal that data.

Together with our global life sciences clients, we leverage our thought leadership in IT risk management to develop effective risk management strategies that enables our pharmaceutical clients to better and more securely make revolutionary contributions to clinical care, medical technology clients to innovate effectively and address a broader range of constituents, and our biotechnology clients to develop future focused business strategies by turning technology into secure, accretive investments that enables the business rather than constrains it.

Our advisors have helped guide the IT risk management programs of companies in:

Biotechnology: More than any other technology, biotechnology has the potential to alter our lives in a positive way. And by achieving this potential, today’s biotech companies are delivering new levels of health, prosperity and sustainability – across the world. But with uncertain capital markets, increasing regulation, growing pricing pressures, competition for acquisitions, an evolving health care environment around the world, and now, the threat of hostile nation states stealing the intellectual property of biotechnology companies around the world, this sector faces unprecedented challenges.

Our firm has been a pioneering risk management presence in the biotech industry when we began performing incident response to intellectual property theft as a result of industrial espionage and nation-state theft since 2010. We’ve stayed committed to our clients business with our global network of risk management professionals. So it’s not surprising that we serve more biotech companies than any other risk management firm by a wide margin.

Pharmaceuticals: Pharmaceutical companies are facing great changes to the industry – emerging science, new products and services, shifting demographics, evolving regulations, transforming business models and increased stakeholder expectations. We are helping pharmaceutical companies around the globe to address their toughest risk management and regulatory compliance challenges presented by this new world.

Our thought leadership in risk management helps clients navigate the shifting global landscape and grow their business – the new business imperative of improving risk management outcomes.

Medical Technology: Fundamental drivers – from aging populations and increasingly prevalent chronic diseases to expanding needs for lifestyle medical procedures – suggest demand for medical technology products to become more increasingly connected, capability-rich, and joined to the Internet of Things (“IoT”) ecosystem of connected technologies for years to come. Still, the road ahead is littered with a litany of IT risks and challenges as the attack surface of medical technology increases through this rapid move towards interconnection and access. Within an industry that requires constant innovation, our clients are under pressure to demonstrate value for the products they develop, comply with increased regulations and satisfy the demanding new consumer-turned-competitor while still keeping patients safe.



Across all life sciences sectors, the world’s leading companies turn to us for our expertise and experience in IT risk management, especially in the new area of IoT risk and threat assessments. Brier & Thorn has worked with the life sciences sector across 71 countries, addressing a broad range of challenges and threats facing a new world of interconnected devices being brought to the market by medtechs. We have worked with our clients in the transition and creation of IT risk management programs in international divestitures, mergers & acquisitions, emerging market expansion, new product development, and turnarounds.  We are focused from day one on helping our life sciences clients mobilize their organizations and technology to deliver results. Our clients span multiple ancillary industrial sectors in life sciences, including:

  • Pharmaceuticals
  • Medical Technology
  • Healthcare Payers and Delivery Systems
  • Biotechnology
  • Chemicals
  • Infrastructure, Construction, & Building Products
  • Industrial Machinery
  • Forest Products, Paper, & Manufacturing

Our client’s IT risk management strategy should support its business strategy, not constrain it. Brier & Thorn focuses first on the strategic needs of our clients’ businesses to determine the security controls needed to support their long-term goals. We help companies confidently address their IT risk decisions and ensure their business and operating models are agile and effective, while remaining risk managed by equipping them with the knowledge to cut through the noise of fleeting security control trends to create enduring results.

We have provided IT risk management services to many of the life sciences companies listed in the Fortune 500. Our life sciences practice comprises a global network of consultants who provide IT risk management to public and private sector companies around the world in project engagements including incident response and forensics as a result of industrial espionage, nation-state theft of intellectual property and trade secrets, and medtech risk and threat assessments.

Our specialists are recognized for their innovation and thought leadership. Central to the successful delivery of our risk management services is an in-depth understanding of today’s industry issues in addition to a wealth of specialized resources and best practices.

The environment in which our clients operate is continuously evolving and so too are the issues. We help our clients address a full spectrum of enterprise risk management challenges.


Our Perspective

The life sciences industry continues to face unparalleled risk management challenges. Companies face maturing and slowing pace and relative differentiation of innovation, diminishing role of physicians in the purchasing process, and reduced ability to charge a premium for incremental healthcare product features and benefits. With healthcare reform across the globe further accelerating these changes, so does the risk profile of these companies needing a more lean and cost effective plan for addressing enterprise risk. All of this is occurring at a pace that leaves little time for executive leadership teams to respond with appropriate IT risk treatment options let alone develop even broader enterprise risk management plans.

Companies have responded with a variety of growth and defensive strategies: some pursing wrenching cost reductions to ensure near-term profitability that has a direct impact on investments in IT security and thus the ability for the companies to meet growing regulatory compliance requirements and the effective protection of their data.


How We Do It

This simple 6-step plan, distinctive to our firm lays out:

  • Established IT risk governance that establishes a governance framework for managing the company’s IT risks by deciding who will be on each of the teams, sets up operating processes and a reporting structure, and connects risk programs such as disaster recovery, business continuity, and crisis management.
  • Understanding of IT organizational boundaries by identifying the company’s IT vulnerabilities which extend to all locations where sensitive data is stored, transmitted, and accessed.
  • Identification of critical business processes and assets that determines what comprises our clients’ most valuable revenue streams, business processes, assets, and facilities.
  • Identification of threats that creates an effective IT risk monitoring environment that focuses on building a sustainable and resilient approach to putting intelligence inputs from various teams under a common risk lens to quickly identify, correlate, and respond to threats in real time. Our life sciences clients establish a robust threat-analysis capability built on shared intelligence, data, and research from our Security Operations Centers and external sources that effectively analyzes threat context in its entirety.
  • Improvement of collection, analysis, and reporting of information that our life sciences clients are provided as part of our managed security services, which implements robust cyber and technical threat intelligence capabilities. These are: collection and management, processing and analyzing, and reporting and action.
  • Planning and Response actions through a formal design and implementation of prepared responses – playbooks – which are a necessary step in adequately planning and preparing responses to cyber events. Using the intelligence gathered throughout the playbook development process, each playbook says who should take action, what their responsibilities are, and exactly what they should do. Executive leadership will frequently revisit our firm’s cyber intelligence gathering techniques, leverage and update cyber insurance options, and upgrade IT security controls.

Client ResultKundenergebnisse

We share our clients’ ambitions working to understand their reality and deliver true results – focusing on strategic decisions and practical actions. We align our incentives with our clients’ objectives so they know we’re in this together as a closely-held partnership.

Pharmaceuticals company protects intellectual property with help from Brier & Thorn

Acadia Pharmaceuticals retains Brier & Thorn for threat management services to address growing attack surface around its intellectual property and trade secrets.