Industry Brief

Financial Services: 2023 Sensitive Content Communications Privacy and Compliance

Industry Findings and Takeaways


Communication Tools in Use








Less than 4

Average Annual Budget for Communication Tools




$350,000 – $499,999


$250,000 – $349,999


$150,000 – $249,999

Number of Third Parties With Which They Exchange Sensitive Content




2,500 – 4,999


1,000 – 2,499


500 – 999


Less than 499

Attack Vector Weighted Score (based on ranking)


URL Manipulation


Session Hijacking


Password/Credential Attacks


Malware (ransomware, trojans, etc.)


Cross-site Scripting


Denial of Service


DNS Tunneling




Zero-day Exploits and Attacks


SQL Injection




Insider Threats


Man in the Middle

Exploits of Sensitive Content Communications in Past Year




7 – 9


4 – 6


2 – 3

Level of Satisfaction With 3rd-party Communication Risk Management


Requires a New Approach


Significant Improvement Needed


Some Improvement Needed


Minor Improvement Needed

Schedule a Demo

The Financial Industry Continues to Be a Top Target for Cybercriminals

Financial services often is at the forefront of a sophisticated and evolving digital landscape, witnessing rapid technological advancements that deliver new services to customers and drive operational efficiencies. However, the movement of more confidential data into the digital space and is exchanged with first and third parties has not gone unnoticed. For example, according to CrowdStrike’s 2023 Global Threat Report, the financial sector was the second most frequently targeted vertical after the technology vertical last year.1 Verizon’s 2023 Data Breach Investigations Report (DBIR) found that personally identifiable information (PII) is the top target of bad actors (74% of the time).2

Too Many Disaggregated Tools for Sensitive Content Communications

Kiteworks’ 2023 Sensitive Content Communications Privacy and Compliance Report revealed that financial firms struggle to manage file and email data communication risks—both inside their organizations and with third parties. One of the reasons is the large number of systems financial organizations use to send and share private data. Nearly 7 out of 10 financial institutions have six or more sensitive content communication systems in place.

69% of financial institutions use 6+ sensitive content communication tools and systems.

Third-party Content Communications Risk

Financial organizations rank among the highest when it comes to the number of different systems used to send and share content communications with third parties: 60% use six or more. Surprisingly, in terms of ranking, respondents pegged web forms at the top of the list, with 25% giving them a number one ranking. When ranks one and two are factored together, email caught up with web forms, with 41% giving each a number one and two ranking. One of the ways email poses risk relates to challenges with encryption; specifically, when recipients cannot decrypt an email due to it being encrypted in a format not supported by their organization. Application programming interfaces (APIs) came in second, with 29.5% of respondents ranking them at number one and two.

Governance plays an important causation role here: 31% only track and control access to sensitive content folders for certain content types, while another 37% only do so for certain departments.

Web forms and email tied for highest risk of all communication channels, with 41% of financial firms listing them as either their number one or two risk.

Risk management of third-party content communications is seen as a problem across industry sectors, and financial services is one at the top of the list. 44% of respondents said they require a new approach or their current approach requires significant improvement. Another 38% indicated some improvement is needed. Survey responses corroborate concerns around risk: 95.5% of financial services organizations experienced four or more exploits of sensitive content communications in the past year.

Better Digital Risk Management Required

Lack of robust digital rights management is a big part of the problem, though weaknesses across financial services organizations are not the same. For example, 42.5% of respondents said they have administrative policies in place for tracking and controlling content collaboration and sharing on-premises but not in the cloud. However, at the same time, 20.5% said the opposite—namely, they have tracking and controls in place for the cloud but not on-premises. Only slightly more than one-third indicate they have digital risk management capabilities in place for both the cloud and on-premises.

95.6% of financial services organizations experienced four or more exploits of sensitive content communications in the past year.

Kiteworks and Financial Services Firms

The Kiteworks Private Content Network is a vital tool for financial services organizations that need to protect sensitive content communications while demonstrating compliance with various regulations. The platform provides robust security features, including end-to-end encryption, secure file sharing, and access control, which ensure the confidentiality and integrity of sensitive financial data. It also offers detailed audit trails and real-time monitoring capabilities, enabling organizations to track and record all data access and transfers. This is particularly crucial for demonstrating compliance with various financial regulations, such as the GDPR, CCPA, and PCI DSS. Further, Kiteworks supports data residency requirements, allowing organizations to store data in specific geographic locations in line with regulatory requirements. By leveraging Kiteworks, financial services organizations can confidently ensure the security and privacy of their communications, while effectively meeting their compliance obligations.

1 “2023 Global Threat Report,” CrowdStrike, February 2023.
2 “2023 Data Breach Investigations Report,” Verizon, June 2023.


Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.


Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Get A Demo