Industry Brief

State and Provincial Governments: 2023 Sensitive Content Communications Privacy and Compliance

Industry Findings and Takeaways


Communication Tools in Use






Less than 4

Average Annual Budget for Communication Tools


$350,000 – $499,999


$250,000 – $349,999


$150,000 – $249,999


$100,000 – $149,999

Number of Third Parties With Which They Exchange Sensitive Content


2,500 – 4,999


1,000 – 2,499


Less than 999

Attack Vector Weighted Score (based on ranking)


DNS Tunneling


SQL Injection


Session Hijacking


Denial of Service


Password/Credential Attacks


Cross-site Scripting




Malware (ransomware, trojans, etc.)


Man in the Middle


URL Manipulation




Insider Threats

Exploits of Sensitive Content Communications in Past Year


7 – 9


4 – 6


2 – 3

Level of Satisfaction With 3rd-party Communication Risk Management


Requires a New Approach


Significant Improvement Needed


Some Improvement Needed


Minor Improvement Needed

Persistent Cyber Incidents in State Government

State and provincial governments send, share, receive, and store huge volumes of sensitive data. This data encompasses everything from personal data, such as personally identifiable information (PII), protected health information, and criminal records, to public safety information, to tax documents, to budget and financial data. Rogue nation-states and cybercriminals recognize the value of the data, and they are targeting state and provincial sensitive content communications with a variety of different attack methods. Kiteworks’ 2023 Sensitive Content Communications Privacy and Compliance Report finds that 86% of state and provincial government agencies dealt with four to nine sensitive content communication exploits in the past year.

Scattered Tool Ecosystem Increases Risk and Cost for State and Provincial Governments

One of the reasons for this targeted concentration of cyberattacks and exploits is the use of numerous, siloed communication tools. Three-quarters of state and provincial governments in the survey reported that they utilize five or more communication tools. The dispersion of these tools poses a formidable challenge, making it increasingly complex to establish standard governance policies and security standards. In addition to ratcheting up security risk, this communication “tool soup” makes it difficult for state and provincial governments to demonstrate adherence with varying compliance regulations such as HIPAA, PIPEDA, GDPR, and many others. Utilizing siloed toolsets also increases CapEx and OpEx costs. For example, Kiteworks’ report found that 54% of state and provincial governments spend between $250,000 and $349,000 annually on the communication tools themselves.

Over 7 out of 10 state and provincial government agencies experienced between four to six exploits of sensitive content communications in the past year.

Evaluating Third-party Content Communication Risks

State and provincial government entities face considerable risks when it comes to third-party content communications. Over 21% of these entities use six or more systems to track, manage, and secure content communications with third parties. Respondents indicate that file sharing and mobile application communication channels are the highest risk areas. More than two-thirds exchange sensitive content with 1,000 to 2,499 third parties, which elevates the intricacy and risk of safeguarding content communication.

In light of the above, it is not surprising that only 21.5% of state and provincial government agencies have a comprehensive system to track and control access to sensitive content folders across all types of content and departments. As a consequence, most respondents acknowledge the need to change how they manage sensitive content communication risk.

Over two-thirds of state and provincial government entities handle sensitive content communications with 1,000 to 2,499 third parties.

State Government Agencies Must Strengthen Digital Risk Management

As with other industry sectors, state and provincial governments would do well to heed greater attention to digital rights management. Tracking and controlling content communications on-premises and in the cloud requires attention. Only 54% indicate they have established tracking and control measures for both on-premises and cloud environments. The one upside is state and provincial governments seem to recognize their gaps here, with 77% indicating they either are in the progress of implementing or have plans to align risk management strategies with their sensitive content communication approaches.

Kiteworks Private Content Network for State Government Agencies

State and provincial governments exchange large volumes of sensitive content, both within their organizations and with third parties. The use cases vary and include activities such as collaboration on state-wide policy development, transferring grant applications, sharing budget and financial information, exchanging information on social service programs, and sharing PII and PHI records. The Kiteworks Private Content Network enables state and provincial governments to establish zero-trust policy management—tracking and controls on who can access sensitive content, who can edit it, who can send and share it, to whom it can be sent and shared, and to where it can be sent and shared. This dramatically reduces privacy and compliance risk exposure. Further, to demonstrate compliance with various data privacy regulations, state and provincial governments can tap comprehensive audit logs in Kiteworks. Plus, because Kiteworks employs advanced security capabilities, including a hardened virtual appliance, an embedded network firewall, WAF, and antivirus, AI-enabled anomaly detection, end-to-end encryption, and integrated ATP, CDR, and DLP capabilities, file and email data communications by state and provincial governments are protected from malicious cyberattacks.


console.log ('hstc cookie not exist') "; } else { //echo ""; echo ""; } ?>