The 2025 Cybersecurity Reckoning: Kiteworks Report Exposes Critical Blind Spots

Runqi Hu September 26, 2025

Jump To Key Section

The Kiteworks 2025 Report with Patrick Spencer and Tim Freestone

Companies are increasingly facing growing risks in the present corporate scene as sensitive data travels across several clouds, partnerships, and internal networks. Although digital transformation speeds up processes, it also causes many blind areas that expand attack surfaces, make compliance initiatives more difficult, and increase expenses. 

The recently released 2025 Data Security and Compliance Risk: Annual Survey Report by Kiteworks shows how important this lack of visibility is financially. Alongside Patrick Spencer, the Senior Vice President, we interact with Tim Freestone, the Chief Marketing Officer at Kiteworks, in this illuminating Q&A session. They investigate the main conclusions of the study to explain the causes of the general difficulties companies have with essential security visibility. 

They also explore how cascading risks are exacerbated by uncontrolled AI and vast vendor ecosystems. The discussion also exposes Kiteworks’ cutting-edge risk scoring algorithm uncovers weaknesses in several businesses and areas. They offer a thorough examination of how companies may move from just ignoring compliance costs to the dangerous danger zone related to third-party partnerships. Incremental changes to transformative approaches are intended to reduce exposure and improve general results.

Fundamental knowledge gap found in the Annual Survey Report affects their general security stance. How?

Organizations that cannot address fundamental questions about their security cause what is called a cascade effect. Companies without knowledge of their breach frequency typically also find it difficult to account for their suppliers, evaluate AI use, or monitor compliance hours. One issue that manifests in several ways, this scenario has many problems. Excluding damage to their brand, lost revenue, regulatory penalties and threats, and while threats keep growing all around them, they are essentially working in the shadows.

Data shows that the governance systems are created by only 17% of businesses. Patrick and Tim explain the factors contributing to this difference.

The fast rate of change has upset conventional governance systems. It took a decade for companies to develop policies after the adoption of cloud technology, so giving them the time needed. By contrast, less than three years saw AI change from experimental to crucial. Five new AI tools have already been incorporated into employees’ operations by the time governance committees meet for their first conversation on ChatGPT training

Though monitoring does not equal governance, our research shows that 64% of companies presently track material created by artificial intelligence, a dramatic rise from only 28% last year. Among the companies ignorant of their artificial intelligence data exposure, 36% do not employ any privacy-enhancing measures, hence creating major blind spots.

Over the years, the longitudinal data present only a rise of 9% points in the adoption of encryption. Why is development so sluggish?

Organizations are meeting exponentially growing risks with just gradual actions. Although encryption rose from 47% to 56% over four years, vendor relationships exploded, the turning point of artificial intelligence soared, and compliance demands increased sharply. The basic problem is that slow, incremental developments cannot keep up with the speed of swiftly evolving hazards. Organizations need change instead of just repetition to meet current security issues.

Role of geographic variability affecting security results that have been noted down

Though it creates distinct patterns, geography does not determine destiny. North America is leading the encryption market with a rate of 53%, but it is behind in AI governance deployment at 21%. The push for invention conflicts with security requirements. With 56% of security jobs, Europe exhibits robust IT specialization that benefits from GDPR, which promotes real capacity building. The most notable disconnection is seen in the Middle East, which requires security certifications at the highest worldwide rate (60%), yet invests the least in training (18%). Though examples of both success and failure may be seen across all areas, these regional patterns are important.

Related Posts
d-Ahmad Bazzi

Optimization, Algorithms, and the Future of Signal Processing: An Interview with Ahmad Bazzi

  Roel Landingin
Nrupesh Patel

Nrupesh Patel’s Blueprint for KPI Architecture and Enterprise Growth

  Roel Landingin
Rob Gonzalez Talks AI Commerce

Why AI Shopping is Stalling: An Interview with Rob Gonzalez

  Roel Landingin
unified design strategy

The Impact of a Unified Design Framework: Mykhailo Nykoliuk

  Roel Landingin

Dr. Vladimir Pastouk’s Non-Toxic Approach to Dental Surgery

  Roel Landingin
Generative AI 2.0

Generative AI 2.0: Tabraiz Feham on the Shift from Tools to Thinking Systems

  Roel Landingin
Alexander Mamasidikov

Alexander Mamasidikov on Why MinePlex 2.0 is the Future of Digital Assets

  Roel Landingin
Steve O’Brien’s

Disrupting the Spin: Steve O’Brien’s Blueprint for the Future of Digital PR

  Roel Landingin
india startup blueprint

The Entrepreneur’s Roadmap to India: Expert Insights from Julia Ponomareva

  Roel Landingin
×