Report Warns Supply Chains Are “Flying Blind” on Data Risks

Nearly half of organizations cannot accurately track third-party vendors, creating a cascade of risks.

Sep 10, 2025
Supply Chain Security Metamorworks
istock.com/metamorworks

Kiteworks, a leading provider of data privacy and compliance solutions, recently released its 2025 Data Security and Compliance Risk: Annual Survey Report, revealing that most organizations lack the visibility needed to manage risks across their vendor ecosystems — potentially putting supply chains at critical financial, operational, and compliance risk.

“The complexity of modern supply chains has outgrown manual oversight,” said Tim Freestone, Chief Marketing Officer, Kiteworks. “Procurement and supply chain leaders must recognize that every vendor relationship is also a data relationship. Without clear visibility, organizations are effectively flying blind — and paying the price.”

The report highlights that nearly half of organizations cannot accurately track their third-party vendors, creating a cascade of risks. Companies managing 1,001–5,000 vendor relationships — the so-called “danger zone” — are particularly vulnerable, with 24 percent experiencing seven or more breaches annually, and 26 percent facing $3–5 million in potential litigation costs. This range represents a gap where manual oversight fails but enterprise automation has not yet been implemented.

Additional findings include:

  • A lack of visibility into vendor counts and AI usage can lead to untracked compliance hours, increasing operational risk.
  • For every $1 spent on visible compliance, organizations incur $2.33 in hidden costs from audit inefficiencies, wasted staff time, and delayed operational improvements.
  • 17 percent of organizations have AI governance frameworks, yet AI tools increasingly flow through vendor networks, exposing intellectual property, privacy and regulatory vulnerabilities.
  • Five foundational measures can dramatically reduce risk: 1) accurate vendor counts, 2) percentage of AI-generated content, 3) documented breach history, 4) compliance time investment, 5) detection speed monitoring.
  • Kiteworks’ 1–10 risk algorithm synthesizes vendor-related breach frequency, detection speed, and financial impact, helping supply chain executives to quantify risk and prioritize interventions.

The complete Kiteworks 2025 Data Security and Compliance Risk: Annual Survey Report is available here

Latest in Cybersecurity
Strengthen Your Manufacturing Sales Resiliency
Sponsored
Strengthen Your Manufacturing Sales Resiliency
September 5, 2025
Malware Sashkinw
Report Shows Surge in Malware Complexity
September 10, 2025
Sbd Vadim Shechkov
The Strategic Role of Static IPs in Modern Industrial Networks
September 10, 2025
Computer Crime Concept 516607038 2125x1416 (1)
When Cybercriminals Weaponize Artificial Intelligence at Scale
September 10, 2025
Related Stories
Malware Sashkinw
Cybersecurity
Report Shows Surge in Malware Complexity
Sbd Vadim Shechkov
Cybersecurity
The Strategic Role of Static IPs in Modern Industrial Networks
Computer Crime Concept 516607038 2125x1416 (1)
Artificial Intelligence
When Cybercriminals Weaponize Artificial Intelligence at Scale
Strengthen Your Manufacturing Sales Resiliency
Sponsor Content
Strengthen Your Manufacturing Sales Resiliency
More in Cybersecurity
Strengthen Your Manufacturing Sales Resiliency
Sponsored
Strengthen Your Manufacturing Sales Resiliency
Discover manufacturing sales and marketing strategies for today’s volatile market. Get guide now!
September 5, 2025
Sbd Vadim Shechkov
Cybersecurity
The Strategic Role of Static IPs in Modern Industrial Networks
Simultaneously ensuring uptime and security.
September 10, 2025
Computer Crime Concept 516607038 2125x1416 (1)
Artificial Intelligence
When Cybercriminals Weaponize Artificial Intelligence at Scale
New to the arsenal - 'agentic cybercrime,' where AI becomes a hacker's strategic advisor and operational commander.
September 10, 2025
Financial Cyber
Cybersecurity
Uniting Teams to Strengthen Ransomware Resilience
Advancements in hacker tactics are placing pressure on new areas of the enterprise.
September 10, 2025
Business Teamwork Puzzle Pieces 000044718556 Medium
Cybersecurity
Mitsubishi Electric to Acquire Nozomi Networks
The acquisition will look to fuel more effective cyber defenses and improve operational resilience.
September 10, 2025
I Stock 1401695291
Cybersecurity
Tool Supplier Reports Ransomware Attack
The attack was reportedly the second to hit the company since 2022.
September 10, 2025
Cybersecurity
Cybersecurity
Stop Firefighting and Start Foreseeing Network Problems
There’s an unshakable air of unpreparedness.
September 4, 2025
Hacktivist Peshkov
Cybersecurity
Report Shows Fake Internal Emails Dominate Phishing Schemes
Workers continue to be vulnerable to emails that appear to be from HR, IT or major brands.
September 4, 2025
Ransomware
Cybersecurity
Alarmingly Organized Criminal Enterprises
The surprising anatomy of ransomware groups and their growing threat.
September 4, 2025
Ep148
Video
Security Breach: Threat Landscape Update
Hackers are smarter, industrial systems are tough, and there's still no patch for humans.
September 4, 2025
Phishing Tadamichi
Cybersecurity
Defending Against New RAT Attack
The phishing scheme entices victims into downloading the UpCrypter malware.
September 4, 2025
Hacking Alarm
Cybersecurity
New Study Reveals Insider Threats, AI Complexities Driving Security Risks
File-related breaches are costing an average of $2.7 million per incident.
September 4, 2025
Machine Vision
Cybersecurity
Critical Infrastructure's Soft Underbelly: Outdated Surveillance Equipment
Attackers know about their exploitable flaws, and are taking advantage.
September 3, 2025
Peach Istock Ai Cyber
Cybersecurity
Shadow AI Shines Light on Escalating Concerns
Unauthorized tools are unintentionally expanding manufacturers' attack surfaces.
September 3, 2025
General Cyberattack
Cybersecurity
CISA, Partners Release Advisory on Chinese State-Sponsored Actors
The group, which has many aliases, continues to play the long game in targeting critical infrastructure.
August 28, 2025