Request Demo
Platform CapabilitiesPolicy Creation and ManagementFile Sharing and CollaborationFile Transfer AutomationFully Governed Email DataData Streaming with Next-gen DRMControlled AI Data AccessSecure Data Intake Via Online Forms
Use CasesControl Data ExchangeMeet Regulatory RequirementsSafeguard Private AI Data
PartnersTechnology PartnersMSP & MSSP PartnersResellers & Channel Partners
ResourcesResource CenterDevelopersCustomers
CompanyAbout UsManagementInvestorsCareersTechnical SupportNewsroomTrust PageVulnerability CenterContact Us
Request Demo
Mouseover to personalize your Kiteworks website experience

2025 Annual Survey Report

The visibility challenge: what you don’t know is costing you millions.

Executive Summary

When we launched this report series four years ago, we aimed to track how organizations protect their most sensitive digital assets. What began with metrics like encryption rates and third-party counts has evolved into a far more complex picture—one shaped by AI proliferation, regulatory sprawl, and an explosion in third-party ecosystems.

This year’s report lays bare a critical inflection point. While a handful of organizations have embraced automation, PETs, and centralized governance, the majority remain stuck in manual processes with limited visibility—despite the existential risks they now face.

One of the most urgent insights this year is the emergence of the 1,001–5,000 third-party “danger zone.” Organizations in this category now face the worst outcomes across nearly every measure: breach frequency, detection delays, and litigation costs. These firms are caught between enterpriselevel complexity and mid-market budgets—with attackers increasingly taking notice.

Meanwhile, AI governance gaps have grown more pronounced. Although 64% of organizations now track AI-generated content (up from 28% last year), only 17% have implemented technical governance frameworks. And among those unaware of their AI data exposure, 36% use no PETs at all. These blind spots are not theoretical—they’re compounding actual risk.

For the first time, we’ve introduced a proprietary risk scoring algorithm that synthesizes breach frequency, detection speed, and financial damage into a 1–10 scale. The results are sobering:

  • Organizations in the “danger zone” scored the highest average risk (5.19)

  • Those expressing the most confidence in their tracking paradoxically show higher risk scores— highlighting the overconfidence effect

  • Firms with strong AI governance and privacy investment consistently scored lower, quantifying the real ROI of visibility and control

Across sectors and regions, we’re also seeing diverging strategies. The most mature organizations balance distributed cloud architectures, PET deployments, and multi-jurisdictional compliance automation. Others continue to rely on contracts and employee training—strategies that are increasingly insufficient in the face of regulatory scrutiny and AI-driven threats.

The bottom line? In 2025, good enough is no longer good enough. Our research shows that exponential threats demand exponential responses. This report offers the data and frameworks to guide that transformation—including the industry’s first quantitative model for benchmarking data security risk.

Visibility-Governance Challenge Compounding Effect of Unknown

Unknowns In the world of data security, there’s a fundamental truth that our four years of research has made undeniable: You cannot protect what you cannot see. Yet our 2025 data reveals that organizations across every industry, size, and geography are operating with dangerous blind spots that transform manageable risks into existential threats. The most alarming discovery in our 2025 research is how visibility gaps cluster together. Organizations rarely have just one blind spot—unknowns breed unknowns in a cascade of expanding risk.

DOWNLOAD THE FULL REPORT