Kiteworks survey reveals cascading blind spots: unknown third-party counts, ungoverned AI, and 46% facing >$3M costs when detection exceeds 30 days

Kiteworks, which empowers organizations to effectively manage risk in every send, share, receive, and use of private data, today released its 2025 Data Security and Compliance Risk: Annual Survey Report revealing a global visibility challenge that multiplies security risks. The comprehensive survey of 461 organizations across North America, Europe, APAC, and the Middle East found that 46% of companies that don’t know their third-party count also don’t know their breach frequency, creating cascading blind spots that leave organizations exposed.

“Our survey reveals a fundamental truth about modern data security: What you don’t know doesn’t just hurt you – it multiplies exponentially,” said Tim Freestone, CMO of Kiteworks. “Organizations operating blind face dramatically worse outcomes across every metric we measured. The cascade effect is undeniable: Unknown third-party relationships lead to missed breaches, which prevent compliance demonstration, which results in massive costs.”

Survey Identifies Four Universal Risk Patterns

Kiteworks’ research reveals consistent failures across all regions:

Visibility-Risk Cascade:

  • 46% who don’t know third-party counts also miss breach frequency
  • 48% uncertain about breaches can’t quantify litigation costs
  • 36% unaware of AI usage implement zero privacy technologies
  • 42% of those uncertain about hacks report uncertainty in detection times

The 1,001-5,000 Third-Party “Danger Zone”:

  • 24% face 7+ annual breaches – worst of any segment
  • 46% report highest supply chain risk increases globally
  • 42% take 31-90 days to detect breaches

AI Governance Vacuum:

  • Only 17% have fully implemented technical AI governance frameworks
  • Organizations with unknown AI usage: 36% implement zero PETs
  • 93%-96% who measure AI usage implement at least one PET
  • The gap between AI adoption and governance creates dangerous blind spots

Detection-Cost Correlation:

  • Organizations with faster detection show significantly lower litigation costs
  • Those with detection delays face substantially higher litigation expenses
  • 31% of large ecosystems (>5,000 third parties) take >90 days
  • 77% with 10+ hacks face >$3M litigation costs

New Risk Scoring Algorithm Reveals Industry Status

Kiteworks’ risk scoring algorithm (1-10 scale) uncovered significant results: 15% of organizations operate at “Critical” risk levels (7-10), with 46% falling into the High-to-Critical range. The median risk score of 4.84 places typical organizations dangerously close to “High Risk” territory.

Confidence Paradox: Organizations expressing the highest confidence in their data control capabilities paradoxically demonstrate the highest risk scores – overconfidence breeds complacency.

Industry Risk Hierarchy Shows Wide Gaps

Unlike narrow regional differences, industry risk scores span 2.14 points:

  • Energy/Utilities: 5.51 (highest risk)
  • Technology: 4.94 (despite security expertise)
  • Life Sciences/Pharma: 3.37 (lowest risk)

“What’s striking about our data is how different regions fail in different ways, yet all face the same fundamental challenge: visibility determines destiny,” said Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks. “Whether it’s Middle East organizations with zero 24-hour detection, European companies with as little as 12% EU Data Act readiness, or APAC’s 35% who can’t assess AI risks – the root cause is always the same: Organizations can’t protect what they can’t see.”

Critical Actions for Global Organizations

The report identifies three universal imperatives:

  1. Implement Comprehensive Visibility: Track exact third-party counts and AI data flows. Organizations with clear measurement achieve 43% breach-free rates versus constant incidents for those operating blind.
  2. Scale Security Before the Danger Zone: Deploy enterprise-grade controls before reaching 1,001 third-party relationships. This range shows 46% higher supply chain risks and the worst breach outcomes.
  3. Mandate AI Data Measurement: Organizations tracking AI usage implement protections at 93%-96% rates, while 36% of non-measuring organizations deploy zero privacy technologies.

Privacy ROI Delivers: Organizations with mature privacy programs report 27% reduced security losses, proving privacy investment generates measurable returns beyond compliance, alongside 21% enhanced customer loyalty and 21% improved operational efficiency.

Four-Year Trend: Incremental Progress, Exponential Threats

Despite four years of warnings, organizations achieved only 9 percentage points of encryption improvement (47% to 56%) while threats multiplied exponentially:

  • Advanced PET adoption ranges from 19%-24%
  • Manual compliance still dominates with 70%+ relying on manual processes
  • Only 17% have AI technical data controls

“The data delivers an unmistakable verdict: 2025 is an inflection point where organizations must abandon incremental improvements for transformative change,” concluded Freestone. “The tools exist, the strategies are proven, and our data shows exactly what works. The only question is whether organizations will act with the urgency this moment demands.”

The complete Kiteworks 2025 Data Security and Compliance Risk: Annual Survey Report is available at https://www.kiteworks.com/data-security-compliance-risk-annual-report/.

About Kiteworks

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and use of private data. The Kiteworks platform provides customers with a Private Data Network that delivers data governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive data moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all private data exchanges. Headquartered in Silicon Valley, Kiteworks protects over 100 million end-users and over 1,500 global enterprises and government agencies.

Media Contact:
David Schutzman
PR Manager
David.schutzman@kiteworks.com
