Benchmark Your Sensitive Content Communication Risk

Report Highlights

Assessing the Challenges of File and Email Data Communications

Safeguarding sensitive content has never been more critical due to today’s fast-paced digital world and quickly evolving cyber-threat landscape. Failings of first-generation digital rights management (DRM) are one of the reasons, and it is time for a DRM “do-over.” Kiteworks’ 2023 Sensitive Content Communications Privacy and Compliance Report pinpoints multiple causes for the dire security and compliance state of file and email data communications.

A disaggregated “tool soup” of communication tools makes it virtually impossible to build and manage policies to track and control the access to sensitive content. Nearly 85% of respondents use four or more tools to track, control, and secure the sharing of such content, and 46% say that number is six or more.

The sophistication and velocity of cyberattacks are increasing as well, with 84% of respondents admitting they experienced four or more sensitive content communication exploits, and 36% report more than seven.

---

Communication Channels Posing the Greatest Risk

Email tops the list again in 2023. Nearly 40% of respondents ranked email and web forms as either their top security risk or second-highest communication channel risk. File sharing came in third with 35% marking it as their top or second-highest risk, followed by mobile apps (22%), file transfer and automation (19%), text (19%), and application programming interfaces (APIs) (15%).

When encrypted email cannot be decrypted by a recipient, the following happens:

50%

ask the sender to send a password-encrypted zip file.

35%

ask the sender to resend the file unencrypted in an unpublished shared drive link.

15%

indicate the sender should sign up for free encrypted email outside of the company.

---

Measuring and Managing Security and Compliance Risks

Measuring and managing file and email data communication risks goes a long way in averting malicious exploits and inadvertent data exposure. But most organizations are struggling in these areas.

Almost 75%

of organizations say their measurement and management of security and compliance risk for sensitive content communications requires significant or some improvement.

---

Sending and Sharing Sensitive Content With Third Parties at Risk

90% of organizations exchange sensitive content like PII, PHI, IP, and financial and legal documents with thousands of third parties. But due to the “tool soup,” inadequate governance tracking and controls, and insufficient security, doing so can present serious risk.

Nearly 8 in 10

of organizations say risk management of third-party communications requires a new approach, significant improvement, or some improvement.

---

Digital Rights Management Requires a “Do-over”

Most organizations indicate they have various gaps when it comes to tracking and controlling access to sensitive content, to whom it is sent and shared, who can edit it, and to whom and where it can be sent.

Only 22%

of organizations have policies and systems in place to track and control access to sensitive content and to whom it is sent and shared.

Only 27%

have alignment and measure and manage sensitive content communication security risk.

---

Measuring the Impact of Cyber Exploits

Cybercriminals and rogue nation-states are increasing the sophistication and velocity of their attacks—including those on file and email data communications.

84%

of organizations admit to 4+ exploits of sensitive content communications in the past year.

62%

of organizations had financial damage as a result of a sensitive content communications exploit.

Other Resources