A survey by Kiteworks revealed that energy and utilities sector organizations, identified as the highest-risk group, face severe blind spots in breach tracking, third-party visibility, and AI governance. 24% of firms with 1,001–5,000 third parties experience at least seven breaches annually, with 46% reporting the highest supply chain risk and 42% taking 31–90 days to detect breaches. Slow detection correlates with litigation costs exceeding $3 million for over 75% of entities with 10+ hacks yearly. The sector’s lack of AI governance (only 17% with full frameworks) exacerbates risks, as does the fact that 36% of organizations uncertain about their AI usage deploy no privacy-enhancing technologies. Regional disparities (e.g., zero 24-hour detection in the Middle East, 35% in APAC unable to assess AI risks) compound the crisis. The cumulative effect includes missed compliance demonstrations, cascading financial and reputational damage, and operational disruptions that threaten critical infrastructure reliability and public safety. The survey underscores how visibility gaps directly enable high-impact breaches, with energy and utilities organizations facing systemic vulnerabilities due to unmonitored third-party ecosystems and AI exposures.
TPRM report: https://www.rankiteo.com/company/kiteworksuk
"id": "kit1302613090825",
"linkid": "kiteworksuk",
"type": "Breach",
"date": "9/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': ['Energy & Utilities',
'Technology',
'Life Sciences & Pharma',
'Cross-Sector (Global)'],
'location': ['North America',
'Europe',
'APAC',
'Middle East'],
'size': '1,001–5,000 third-party relationships '
'(highest risk segment)',
'type': ['Enterprises', 'Third-Party Vendors']}],
'attack_vector': ['Third-Party Vulnerabilities',
'Lack of Visibility',
'Poor AI Governance'],
'date_publicly_disclosed': '2024-06-20T00:00:00Z',
'description': 'A Kiteworks survey of 461 organizations across North America, '
'Europe, APAC, and the Middle East reveals that 46% of '
'companies unaware of their third-party count also lack '
'knowledge of their breach frequency. This lack of visibility '
'cascades into higher supply chain risks, delayed breach '
'detection (31–90 days for 42% of firms with 1,001–5,000 third '
'parties), and litigation costs exceeding $3M for 75%+ of '
'organizations facing 10+ breaches annually. Additionally, 36% '
'of firms unaware of AI usage implement zero privacy-enhancing '
'technologies (PETs), exacerbating governance gaps. High-risk '
'sectors include energy/utilities, technology, and life '
'sciences/pharma. The report urges enterprises to track '
'third-party counts, AI data flows, and deploy '
'enterprise-grade controls to reduce breach rates by 43%.',
'impact': {'brand_reputation_impact': 'High (due to public disclosure of '
'governance failures)',
'financial_loss': {'litigation_costs': '≥ $3,000,000 (for '
'organizations with 10+ '
'breaches/year)',
'operational_costs': None},
'legal_liabilities': 'Significant (75%+ of high-breach firms face '
'litigation)',
'operational_impact': 'Increased breach frequency (up to 7+ '
'breaches/year for 24% of firms with '
'1,001–5,000 third parties)'},
'initial_access_broker': {'entry_point': ['Unmonitored third-party '
'relationships',
'Shadow AI usage'],
'high_value_targets': ['Supply chain data',
'AI training datasets',
'Customer/employee PII '
'(implied)']},
'investigation_status': 'Completed (survey-based analysis)',
'lessons_learned': ['Lack of visibility into third-party ecosystems and AI '
'usage directly correlates with higher breach frequencies '
'and litigation costs.',
'Organizations with 1,001–5,000 third parties face the '
'highest supply chain risk (46%) and longest detection '
'times (31–90 days for 42%).',
'Only 17% of firms have fully implemented AI governance '
'frameworks, leaving 36% with unknown AI usage and no '
'PETs.',
'Regional disparities exist (e.g., Middle East with zero '
'24-hour detection, APAC with 35% unable to assess AI '
'risks).'],
'post_incident_analysis': {'corrective_actions': ['Mandate third-party risk '
'assessments for all '
'vendors.',
'Implement AI data flow '
'mapping and PETs.',
'Reduce detection times '
'with automated monitoring.',
'Align with regional '
'regulations (e.g., EU Data '
'Act, GDPR).'],
'root_causes': ['Lack of third-party inventory '
'visibility (46% of firms)',
'Absence of AI governance '
'frameworks (83% partial/no '
'implementation)',
'Delayed breach detection (31–90 '
'days for 42% of high-third-party '
'firms)',
'Regional compliance gaps (e.g., '
'12% EU Data Act readiness)']},
'recommendations': ['Track exact third-party counts and AI data flows to '
'achieve 43% higher breach-free rates.',
'Deploy enterprise-grade controls before exceeding 1,000 '
'third-party relationships.',
'Implement privacy-enhancing technologies (PETs) for AI '
'governance.',
'Prioritize visibility tools to reduce detection times '
'and litigation costs.',
'Adopt sector-specific frameworks for high-risk '
'industries (energy, pharma, tech).'],
'references': [{'date_accessed': '2024-06-20',
'source': 'Kiteworks Survey Report (2024)'},
{'date_accessed': '2024-06-20',
'source': "ITPro Article: 'Organizations flying blind on data "
"breaches, AI use, and third-party counts'",
'url': 'https://www.itpro.com/security/data-breaches/organizations-flying-blind-on-data-breaches-ai-use-and-third-party-counts'}],
'regulatory_compliance': {'legal_actions': 'Litigation (75%+ of high-breach '
'organizations)',
'regulations_violated': ['EU Data Act (12% '
'readiness in Europe)',
'General Data Protection '
'Regulations (implied by '
'PETs gaps)']},
'response': {'communication_strategy': 'Public survey report by Kiteworks; '
'media coverage (e.g., ITPro)',
'remediation_measures': ['Track exact third-party counts',
'Deploy enterprise-grade controls '
'before reaching 1,001 third parties',
'Monitor AI data flows',
'Introduce privacy programs']},
'stakeholder_advisories': 'Urgent call for transformative change in 2025, per '
'Kiteworks CMO Tim Freestone.',
'title': 'Lack of Visibility in Third-Party and AI Governance Leading to '
'Increased Breach Risks and Litigation Costs',
'type': ['Data Breach', 'Supply Chain Risk', 'AI Governance Failure'],
'vulnerability_exploited': ['Unknown Third-Party Relationships',
'Unmonitored AI Data Flows',
'Absence of Privacy-Enhancing Technologies '
'(PETs)']}