Kiteworks Releases 2024 Top 11 Data Breaches Report Using Risk Exposure Index to Reveal True Breach Impact - Middle East Business News and Information
Proprietary Risk Scoring Shows Data Sensitivity Outweighs Record Count in Breach Severity—National Public Data Breach Tops Risk Score at 8.93, While Change Healthcare's Supply Chain Impact Scores Perfect 10.0
Kiteworks, which empowers organisations to effectively manage risk in every send, share, receive, and save of sensitive data, today releases its 'Top 11 Data Breaches of 2024' report. The research applies Kiteworks' Risk Exposure Index (REI), a proprietary methodology introduced in summer 2024, to quantify and compare the severity of the year's most significant breach events.
The REI assessment reveals that raw numbers of records exposed, while important, tell only part of the story. By analysing factors including data sensitivity, financial impact, regulatory implications, and attack sophistication, the report provides a nuanced measurement of organizational and consumer risk far beyond traditional metrics.
'Our Risk Exposure Index assessment of these breaches demonstrates what traditional reporting often misses,' says Tim Freestone, Chief Marketing Officer at Kiteworks. 'When we look beyond headline figures, we see that data sensitivity outranks all other factors in determining breach severity, confirming that what was stolen matters more than how much was taken. This insight enables organisations to more effectively prioritize their security investments.'
Key Risk Exposure Index Findings
Supply Chain Impact Reaches Perfect Score: The Change Healthcare breach received a 10.0 Supply Chain Impact score, the highest possible rating, reflecting the catastrophic downstream effects on thousands of healthcare providers nationwide. By comparison, the National Public Data breach scored 8.5 for Supply Chain Impact, illustrating how our methodology quantifies ecosystem-wide risk.
Attack Vector Sophistication Varies Significantly: The report's analysis shows significant variation in Attack Vector Sophistication scores, ranging from 5.4 (DemandScience) to 8.4 (National Public Data). This variance highlights how some breaches exploit advanced persistent techniques while others leverage basic misconfigurations.
Risk Score Rankings Reveal True Impact: The National Public Data breach achieved the highest overall risk score (8.93) due to its unprecedented scale, while the Change Healthcare breach ranked second (8.7) despite affecting fewer records. Hot Topic (7.7), LoanDepot (7.6), and Kaiser Foundation Health Plan (7.6) demonstrate how breaches of varying sizes can pose similar risk levels when analyzed comprehensively.
Data Sensitivity Drives Risk: Multi-factor analysis across all breaches indicates that the three most influential factors in determining breach severity are:
Data Sensitivity (24% influence): The nature of compromised information proved the single most important factor in determining real-world impact, with financial and health data breaches creating the most significant individual harm.
Financial Impact (22% influence): The economic consequences for the breached organisation and affected individuals strongly influenced overall risk assessment, with ecosystem disruption creating particularly severe impacts.
Regulatory Compliance (18% influence): The regulatory environment significantly shaped breach outcomes, with highly regulated industries facing more substantial consequences and response requirements.
This correlation between data sensitivity and risk score (r=0.78) was particularly strong in healthcare and financial services breaches.
'What makes our Risk Exposure Index particularly valuable is its ability to quantify factors that typically defy measurement,' says Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks. 'Our multi-factor analysis reveals that data sensitivity is the single most influential factor in determining breach severity, accounting for 24% of the overall risk impact. This indicates that what was stolen matters more than how much was taken. Organisations must prioritise protecting their most sensitive data throughout its life cycle, especially in an environment where third-party risk management remains the least mature security domain in 2024, creating systematic vulnerabilities that threat actors increasingly target.'
Rank
Data Breach
Supply Chain Impact
Attack Vector Sophistication
Risk Score
1
National Public Data
8.5
8.4
8.9
2
Change Healthcare
10.0
8.2
8.7
3
Ticketmaster Entertainment
6.8
8.2
8.7
4
AT&T
5.4
6.5
8.5
5
Hot Topic
8.2
7.8
7.7
6
LoanDepot
4.2
7.1
7.6
7
Kaiser Foundation Health Plan
7.8
6.9
7.6
8
DemandScience by Pure Incubation
6.9
5.4
7.1
9
Dell Technologies
5.9
7.4
7.2
10
MC2 Data
5.2
5.7
6.9
11
U.S. Environmental Protection Agency
4.2
6.8
6.2
Risk Exposure Score of Top 11 Data Breaches in 2024 The full 'Top 11 Data Breaches of 2024' report can be downloaded here.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Mid East Info
21-05-2025
- Mid East Info
Kiteworks Survey Kiteworks Survey Finds Zero-Day Threats and Compliance Failures Are Forcing a Rethink of Vendor Selection
Kiteworks, which empowers organisations to effectively manage risk in every send, share, receive, and use of private data, today revealed compelling evidence for its market growth through findings from the Data Security and Compliance Buyer Behavior Survey. The study, conducted by Centiment, demonstrates why regulated industries are gravitating toward the company's Private Data Network as their solution of choice for mission-critical security and compliance challenges. Zero-Trust Data Exchange The Data Security and Compliance Buying Behavior Survey reveals that security is the dominant factor in vendor selection decisions. This focus on security comes at a critical time, as Google's 2024 Zero-Day Exploitation Analysis Report found that 44% of zero-day vulnerabilities targeted enterprise data exchange systems, such as Managed File Transfer (MFT) platforms. Kiteworks' Zero-Trust Data Exchange architecture directly addresses these vulnerabilities by ensuring that all data exchanges are authenticated, encrypted, and monitored – regardless of the communication channel or endpoint. Compliance Certifications: A Critical Decision Factor The survey clearly demonstrates that organisations are increasingly prioritising regulatory compliance capabilities when selecting vendors, with 31% of respondents identifying compliance as a decisive factor in their final vendor selection. This focus is driven by the need to navigate complex regulations like GDPR, HIPAA, CMMC 2.0, the EU Data Act, and the EU AI Act, effective September 2025. The importance of compliance is further highlighted by several key findings: 56% of respondents rate security certifications as 'extremely important' during the vendor discovery phase. More than half struggle to obtain adequate security information during vendor evaluations. 63% of respondents actively seek detailed security and compliance information before even engaging with potential vendors. Nearly one-quarter reject vendors over security concerns often tied to compliance failures. Kiteworks addresses these pain points with a robust compliance framework, including FedRAMP Moderate Authorized, FedRAMP High Ready, SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, and IRAP validations, ensuring seamless adherence to global standards. Compliance and Emerging Threats Require Unified Solutions As threats continue to evolve, the need for unified compliance solutions becomes even more critical. This trend aligns with the Verizon 2025 Data Breach Investigations Report, which shows third-party breaches have doubled to 30%, particularly through attacks on legacy file sharing and transfer solutions. Kiteworks' own annual survey reinforces this concern, finding nearly 60% of organisations lack comprehensive governance tracking and controls for their third-party data exchanges. Meanwhile, vendor reputation and stability remain key factors, with nearly two-thirds of respondents prioritising these attributes during the vetting process, including 30% indicating vendor stability is a high priority. Integration Capabilities Enhance Value While security and compliance form the foundation of vendor selection, the survey reveals that practical implementation concerns also heavily influence buying decisions. Seamless integration capabilities prove critical for customer satisfaction and long-term success, with 42% of survey respondents identifying integration capabilities as a key value driver. The importance of this factor is further emphasised by the 39% of respondents who reported eliminating potential vendors from consideration specifically due to inadequate integration capabilities. Organisations considering Kiteworks benefit from its comprehensive integration capabilities: Enterprise Authentication & Security Integration: Seamless connectivity with LDAP/Active Directory, single sign-on solutions, SIEM platforms, Splunk, HSM, and other security tools for comprehensive identity management and threat detection Productivity Suite & Legacy System Support: Deep integration with Microsoft Office, Outlook, G Suite, SharePoint, internal file shares, and legacy systems to maintain user productivity while enforcing security controls Automation & Administration: No-code MFT automation capabilities and centralised management through a single administrative console, reducing complexity while maintaining regulatory compliance across the entire data communication ecosystem API Extensibility: Comprehensive REST API and SCIM support for custom integration development and automated workflows 'Customers demand solutions that deliver robust security and compliance without sacrificing usability or integration capabilities,' says Tim Freestone, Chief Marketing Officer at Kiteworks. 'The survey confirms what we hear directly from our customers in regulated industries – that organisations need a unified approach to private data security that addresses the full spectrum of security threats while simplifying compliance and seamlessly integrating with existing workflows. This is precisely why our Private Data Network continues to be the preferred choice for organisations that can't afford to compromise on data protection.'
Mid East Info
24-04-2025
- Mid East Info
Kiteworks slashes storage costs with Wasabi Technologies while boosting security - Middle East Business News and Information
Integration with Wasabi hot cloud storage delivers cost-effective cloud storage with enterprise-grade security and compliance Kiteworks, which empowers organisations to effectively manage risk in every send, share, receive, and use of private data, today announced a partnership with Wasabi Technologies, the hot cloud storage company, to deliver an integrated cloud storage and secure file transfer solution. The partnership addresses growing market demand for cost-effective cloud storage alternatives that maintain enterprise-grade security, compliance, and automation capabilities. Organisations across regulated industries are increasingly seeking comprehensive solutions that address both rising cloud storage costs and growing security and compliance requirements for sensitive data. Wasabi and Kiteworks deliver business outcomes that create a complete solution, addressing the operational, security, and compliance challenges of modern data management. 'Our partnership with Kiteworks creates a powerful solution that transforms how organisations manage, secure, and transfer their data,' says Laurie Mitchell, Senior Vice President, Global Alliances and Partner Marketing, Wasabi Technologies. 'By combining Wasabi 's affordable, high-performance and scalable cloud storage with Kiteworks' secure managed file transfer capabilities, we're helping customers achieve operational excellence while meeting the most stringent security and compliance requirements.' The combined solution delivers four key advantages: Optimised Total Cost of Ownership: Wasabi provides cloud storage with no egress fees at costs up to 80% lower than traditional providers like AWS S3, Azure Blob, and Google Cloud, while delivering performance advantages. When combined with Kiteworks' automated governance and security capabilities, organisations benefit from both immediate storage cost reduction and long-term risk mitigation, helping avoid costly compliance penalties, security breaches, and operational inefficiencies. Enhanced Data Security & Compliance: The integration pairs Wasabi 's secure, high-performance cloud storage with Kiteworks' Private Data Network (PDN) that manages risk in every send, share, receive, and use of sensitive data. Kiteworks is validated with various security standards, including FedRAMP® Ready High and FedRAMP Moderate Authorized (since 2017), SOC 2 Type II, IRAP, ISO 27001, 27017, and 27018, among others. Wasabi also achieved FedRAMP Ready status for government organisations to take advantage of its industry-leading cloud storage service. Seamless Migration & Integration: Kiteworks Secure MFT makes it simple to automate and secure both initial migration and ongoing data operations with Wasabi . Its form-based workflow designer lets teams quickly configure automated transfers, while its graphical dashboard and comprehensive, centralised audit log of all data movements and errors enables organisations to track data transfer progress, troubleshoot problems, and demonstrate compliance with security policies and regulations. Reduced Risk & IT Burden: Kiteworks' PDN provides a hardened virtual appliance with built-in defense in-depth, antivirus, zero-trust interfaces, and simple clustering for scale-out and high availability. Organisations can enforce policies with least-privilege access controls, strong encryption, and in-transit scans that utilise existing DLP and CDR servers. 'Organisations today are looking for solutions that deliver measurable business impact across multiple dimensions,' says David Byrnes, VP Global Channels, Kiteworks. 'This partnership creates a powerful combination where the whole is greater than the sum of its parts. Together, we're enabling organisations to achieve operational efficiency, risk reduction, and governance at scale. Customers can now seamlessly manage their entire data life cycle – from storage to secure sharing – with complete visibility, control, and compliance, creating tangible business value beyond what either solution could deliver independently.' The partnership particularly benefits organisations in highly regulated industries, including healthcare, financial services, government, legal services, and media and entertainment. The solution addresses key pain points for IT and security leaders responsible for cost efficiency, data protection, and regulatory compliance while handling sensitive data. For managed service providers (MSPs), the Wasabi and Kiteworks partnership creates strategic advantages and new revenue streams. MSPs can position themselves as security and compliance advisors, offering high-value services beyond commodity cloud storage. This integrated solution enables MSPs to build tiered offerings, increase customer retention, and differentiate by delivering measurable business outcomes. The integrated Wasabi and Kiteworks solution is available immediately through Climb Channel Solutions.
Mid East Info
22-04-2025
- Mid East Info
Kiteworks Releases 2024 Top 11 Data Breaches Report Using Risk Exposure Index to Reveal True Breach Impact - Middle East Business News and Information
Proprietary Risk Scoring Shows Data Sensitivity Outweighs Record Count in Breach Severity—National Public Data Breach Tops Risk Score at 8.93, While Change Healthcare's Supply Chain Impact Scores Perfect 10.0 Kiteworks, which empowers organisations to effectively manage risk in every send, share, receive, and save of sensitive data, today releases its 'Top 11 Data Breaches of 2024' report. The research applies Kiteworks' Risk Exposure Index (REI), a proprietary methodology introduced in summer 2024, to quantify and compare the severity of the year's most significant breach events. The REI assessment reveals that raw numbers of records exposed, while important, tell only part of the story. By analysing factors including data sensitivity, financial impact, regulatory implications, and attack sophistication, the report provides a nuanced measurement of organizational and consumer risk far beyond traditional metrics. 'Our Risk Exposure Index assessment of these breaches demonstrates what traditional reporting often misses,' says Tim Freestone, Chief Marketing Officer at Kiteworks. 'When we look beyond headline figures, we see that data sensitivity outranks all other factors in determining breach severity, confirming that what was stolen matters more than how much was taken. This insight enables organisations to more effectively prioritize their security investments.' Key Risk Exposure Index Findings Supply Chain Impact Reaches Perfect Score: The Change Healthcare breach received a 10.0 Supply Chain Impact score, the highest possible rating, reflecting the catastrophic downstream effects on thousands of healthcare providers nationwide. By comparison, the National Public Data breach scored 8.5 for Supply Chain Impact, illustrating how our methodology quantifies ecosystem-wide risk. Attack Vector Sophistication Varies Significantly: The report's analysis shows significant variation in Attack Vector Sophistication scores, ranging from 5.4 (DemandScience) to 8.4 (National Public Data). This variance highlights how some breaches exploit advanced persistent techniques while others leverage basic misconfigurations. Risk Score Rankings Reveal True Impact: The National Public Data breach achieved the highest overall risk score (8.93) due to its unprecedented scale, while the Change Healthcare breach ranked second (8.7) despite affecting fewer records. Hot Topic (7.7), LoanDepot (7.6), and Kaiser Foundation Health Plan (7.6) demonstrate how breaches of varying sizes can pose similar risk levels when analyzed comprehensively. Data Sensitivity Drives Risk: Multi-factor analysis across all breaches indicates that the three most influential factors in determining breach severity are: Data Sensitivity (24% influence): The nature of compromised information proved the single most important factor in determining real-world impact, with financial and health data breaches creating the most significant individual harm. Financial Impact (22% influence): The economic consequences for the breached organisation and affected individuals strongly influenced overall risk assessment, with ecosystem disruption creating particularly severe impacts. Regulatory Compliance (18% influence): The regulatory environment significantly shaped breach outcomes, with highly regulated industries facing more substantial consequences and response requirements. This correlation between data sensitivity and risk score (r=0.78) was particularly strong in healthcare and financial services breaches. 'What makes our Risk Exposure Index particularly valuable is its ability to quantify factors that typically defy measurement,' says Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks. 'Our multi-factor analysis reveals that data sensitivity is the single most influential factor in determining breach severity, accounting for 24% of the overall risk impact. This indicates that what was stolen matters more than how much was taken. Organisations must prioritise protecting their most sensitive data throughout its life cycle, especially in an environment where third-party risk management remains the least mature security domain in 2024, creating systematic vulnerabilities that threat actors increasingly target.' Rank Data Breach Supply Chain Impact Attack Vector Sophistication Risk Score 1 National Public Data 8.5 8.4 8.9 2 Change Healthcare 10.0 8.2 8.7 3 Ticketmaster Entertainment 6.8 8.2 8.7 4 AT&T 5.4 6.5 8.5 5 Hot Topic 8.2 7.8 7.7 6 LoanDepot 4.2 7.1 7.6 7 Kaiser Foundation Health Plan 7.8 6.9 7.6 8 DemandScience by Pure Incubation 6.9 5.4 7.1 9 Dell Technologies 5.9 7.4 7.2 10 MC2 Data 5.2 5.7 6.9 11 U.S. Environmental Protection Agency 4.2 6.8 6.2 Risk Exposure Score of Top 11 Data Breaches in 2024 The full 'Top 11 Data Breaches of 2024' report can be downloaded here.
