Kiteworks: The Rising Costs of Data Breach Litigation

Share
John Lynch, Director at Kiteworks
Third-party data exchanges lead to increased security incidents, with businesses using multiple communication tools facing litigation costs of up to $7m

Global enterprises face mounting pressure to secure sensitive data across an expanding network of communication channels and third-party relationships. Recent regulatory changes, including updates to the EU’s General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA), have increased the financial stakes for organisations that fail to protect sensitive information, with breach notification requirements and enhanced penalties meaning that security failures now carry both immediate and long-term financial consequences.

Against this backdrop, recent research from Kiteworks has indicated that organisations managing multiple communication channels for sensitive data face heightened security risks and escalating breach-related costs.

John Lynch, Director at Kiteworks, notes that content security remains a core challenge for enterprise IT teams. “Sensitive content is generally at the very centre of what security teams need to protect in their corporate IT systems,” he says. “Yet, it is often easier said than done. In fact, research we undertook recently found that only 11% of businesses said that no improvement is needed in their management of content security.

Key facts
  • Organisations using seven or more communication tools experience data breaches at 3.55 times the average rate
  • 46% of EMEA companies lose tracking ability for more than half their sensitive content after it leaves their organisation
  • 50% of firms sharing data with over 5,000 third parties face litigation costs exceeding $5 million

“Many of the security challenges of a modern business are exacerbated by the complexity of operational processes commonplace today. Between a proliferation of communication tools and the inability of many organisations to get rid of legacy manual processes, it is perhaps inevitable that security and compliance problems will slip through the cracks.”

Communication tool proliferation drives breach incidents at major enterprises

The research identifies a correlation between the number of communication tools deployed and data breach frequency. Organisations using more than seven communication platforms – including email, file sharing, managed file transfer (MFT), SSH File Transfer Protocol (SFTP) and web forms – experience breach incidents at 3.55 times the average rate.

“Most businesses use a number of communication tools to send and share sensitive content,” John says. “Cross-analysis pinpoints that, perhaps unsurprisingly, organisations with a higher rate of data breaches use the most communication tools. A third (32%) of organisations with 10 or more data breaches have more than seven communication tools.”

Kiteworks’ data shows that 48% of organisations with six communication tools experienced seven to nine data breaches. These figures contrast with the average across all respondents, where only 9% reported 10 data breaches and 23% reported seven to nine breaches.

Youtube Placeholder

The financial impact proves substantial. Companies operating seven or more communication tools report breach litigation costs exceeding US$7m at 3.25 times the average rate.

Third-party data exchange creates new vulnerabilities for EMEA firms

The research highlights particular challenges in third-party data exchange within the Europe, Middle East and Africa (EMEA) region. “Once this sensitive content leaves an organisation, four-in-ten (39%) businesses indicate they are unable to track and control access to 50% or less,” John explains. “Companies here in EMEA in particular find it challenging, with 46% admitting they lose the ability to track and control access to 50% or less of sensitive content once it leaves their organisation.”

Here, John emphasises the scope of the challenge: “Look at the entire data chain. Most organisations need to exchange large volumes of sensitive data with hundreds, if not thousands, of third parties daily. Because of this, third-party risk has never been higher for organisations in all industries. The necessity of exchanging sensitive content only accentuates the threat.”

Kiteworks research found that only 11% of businesses said that no improvement is needed in their management of content security.

The scale of third-party interactions correlates with breach frequency. Organisations exchanging sensitive content with 5,000 or more external parties experienced 10 or more breaches last year. Those working with 2,500 to 4,999 third parties reported seven or more breaches in 47% of cases.

“Unfortunately, businesses can incur significant legal costs that are often not accounted for in traditional breach cost estimations,” John highlights. “Damaged brand reputation, lost revenue and disrupted operations are only one aspect resulting from data breaches. Compliance fines and penalties as well as extended litigation costs can have a long-tail effect felt over extended time frames.”

The research found that 50% of organisations sharing sensitive data with more than 5,000 third parties faced litigation costs above US$5m. Among those exchanging data with 2,500 to 4,999 third parties, 44% reported similar expense levels.

Damaged brand reputation, lost revenue, and disrupted operations are only one aspect resulting from data breaches. Compliance fines and penalties as well as extended litigation costs can have a long-tail effect felt over extended time frames.

John Lynch, Director, Kiteworks

Recent trends suggest movement toward consolidation of communication tools to reduce risk and improve operational efficiency. “Because of this, it is important to select sensitive content communication tools that adhere to security standards like FedRAMP, ISO 27001, SOC 2 Type II, NIST CSF 2.0 and others.

“By reducing the number of disparate tools used for content communication, organisations can significantly lower the risk of data breaches and improve operational efficiency,” John says. “There are also, clearly, significant risks associated with sensitive content exchanges with third parties so this needs to be examined. Put simply, the more third parties with which respondents send and share sensitive content, the more data breaches and higher litigation costs they experience. As a result, it is imperative that organisations ensure they have comprehensive governance tracking and controls as well as advanced security capabilities in place to mitigate third-party risks.”


Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today. 


Cyber Magazine is a BizClik brand

Share

Featured Articles

Apple's Siri: How The Most Private AI Assistant Works

After a lawsuit, Apple is eager to prioritise privacy in Siri through its on-device processing, minimal data collection and advanced security protection

How The UK’s AI Plan Will Impact The Cybersecurity Sector

The UK’s £14bn AI investment requires enhanced cybersecurity measures as Kyndryl and Vantage Data Centres prepare for infrastructure expansion

Darktrace to Acquire Cado Security in Cloud Defence Push

AI cybersecurity firm Darktrace expands its cloud investigation capabilities through purchase of Cado Security, following recent acquisition by Thoma Bravo

Sophos MDR Reports 37% Customer Growth in Cybersecurity Push

Cyber Security

Netskope Data Shows Phishing Success Rate Tripled in 2024

Cyber Security

CrowdStrike Field CTO Warns of Identity-Based Attacks Shift

Cyber Security