Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate
PALO ALTO, Calif., April 19, 2022 (GLOBE NEWSWIRE) — Kiteworks, the leading platform for ensuring regulatory compliance and effectively managing risk with every send, share, receive, and save of sensitive content, found in its “2022 Sensitive Content Communications Privacy and Compliance Report” that more than half of organizations believe they are inadequately protected against third-party security and compliance risks. The report attributes various reasons for this lack of preparedness, including 53% failing to encrypt all sensitive content communications with third parties, 58% lacking content governance controls to measure third-party risk, and nearly 8 out of 10 believing their compliance reports are not completely accurate.
Findings in the Sensitive Content Communications Privacy and Compliance Report are based on a survey of 400 IT, security, privacy, and compliance professionals from numerous industries and 15 different countries around the world. In addition to struggling to manage security and compliance risks efficiently and effectively, respondents indicated they spend significant time on manual tasks related to key management and encryption/decryption, governance controls, and compliance reporting.
“Nation-states and cybercriminals know that confidential, private data holds great value, and studies show that it is increasingly the target of cyberattacks,” said Tim Freestone, Chief Strategy Officer at Kiteworks. “At the same time, regulatory bodies see these trends and have instituted, and continue to do so, standards that help protect sensitive content. This report reveals that many organizations are ill-equipped to deal with the sophistication and volume of today’s cyberattacks as well as the breadth of compliance standards when it comes to sharing and storing sensitive content. This lack of maturity creates significant security and compliance risk exposures.”
In addition to the above findings, notable admissions in the report include:
- Nearly two-thirds of organizations share and transfer confidential data with more than 1,000 third-party entities, including one-third that do so with over 2,500 third parties.
- 41% of organizations want to see significant improvement or even a whole new approach to managing sensitive content communications.
- 59% of organizations cited distributed denial of service (DDoS), malware, and ransomware in their top two concerns for external threats.
- Only 21% of organizations believe their compliance reports are fully accurate.
- Almost 8 in 10 organizations spend 20-plus hours compiling audit trails and generating reports.
- Only 14% of organizations manage and monitor all their sensitive communications taking place in the cloud.
“The Kiteworks platform provides our customers with a Private Content Network that delivers a comprehensive security and compliance approach for sharing and storing sensitive content communications,” said Frank Balonis, CISO and SVP of Operations at Kiteworks. “Granular audit controls and reporting to the level of user, folder, and file, and capabilities such as geofencing and encryption for data at rest and in motion enable our customers to protect all of their sensitive content communications while remaining compliant with a long list of regulatory standards.”
To read the 2022 Sensitive Content Communications Privacy and Compliance Report, download your copy here. You can also register to hear a panel of privacy and compliance experts discuss the findings and pinpoint actionable recommendations in a webinar scheduled for April 13 at 10 a.m. PT.
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.