Cybersecurity: What You Don’t Know Can Hurt You

by John Jenkins

September 8, 2025

Kiteworks recently released its 2025 Data Security and Compliance Risk: Annual Survey Report, which presents the results of its survey of 461 organizations throughout the world. The report highlights how visibility gaps and ungoverned AI are combining to substantially increase enterprise risk.

Although the report notes that some organizations have embraced automation, privacy-enhancing technologies (PETs), and centralized governance, it says that most continue to rely on manual processes that provide limited visibility. This excerpt from the press release announcing the report summarizes some of the key issues it identifies:

Visibility-Risk Cascade:

46% who don’t know third-party counts also miss breach frequency
48% uncertain about breaches can’t quantify litigation costs
36% unaware of AI usage implement zero privacy technologies
42% of those uncertain about hacks report uncertainty in detection times

The 1,001-5,000 Third-Party “Danger Zone”:

24% face 7+ annual breaches – worst of any segment
46% report highest supply chain risk increases globally
42% take 31-90 days to detect breaches

AI Governance Vacuum:

Only 17% have fully implemented technical AI governance frameworks
Organizations with unknown AI usage: 36% implement zero PETs
93%-96% who measure AI usage implement at least one PET
The gap between AI adoption and governance creates dangerous blind spots

Detection-Cost Correlation:

Organizations with faster detection show significantly lower litigation costs
Those with detection delays face substantially higher litigation expenses
31% of large ecosystems (>5,000 third parties) take >90 days
77% with 10+ hacks face >$3M litigation costs

The report says that although there have been incremental security enhancements over the years, transformative change is essential to address the magnitude of the risk. Specific recommendations include precisely measuring third-party relationships, AI data flows, detection times, and compliance efforts; eliminating manual processes; deploying advanced defense technologies; and building proactive compliance frameworks.