
Most organizations lack the visibility needed to manage risks across their vendor ecosystems, putting supply chains at critical financial, operational, and compliance risk, according to the 2025 Data Security and Compliance Risk: Annual Survey Report, released by Kiteworks.
“The complexity of modern supply chains has outgrown manual oversight,” says Tim Freestone, chief marketing officer, Kiteworks. “Procurement and supply chain leaders must recognize that every vendor relationship is also a data relationship. Without clear visibility, organizations are effectively flying blind and paying the price.”
Key takeaways:
- Nearly half of organizations cannot accurately track their third-party vendors, creating a cascade of risks.
- Companies managing 1,001–5,000 vendor relationships (the so-called “danger zone”) are particularly vulnerable: 24% experience seven or more breaches annually, and 26% face $3–5 million in potential litigation costs.
- For every $1 spent on visible compliance, organizations incur $2.33 in hidden costs from audit inefficiencies, wasted staff time, and delayed operational improvements.
- Only 17% of organizations have AI governance frameworks, yet AI tools increasingly flow through vendor networks, exposing intellectual property, privacy, and regulatory vulnerabilities.
- Five foundational measures can dramatically reduce risk: 1) Accurate vendor counts, 2) Percent of AI-generated content, 3) Documented breach history, 4) Compliance time investment, 5) Detection speed monitoring.
“Automated tracking, centralized monitoring, and governance frameworks are no longer optional. Organizations that implement these practices reduce risk, streamline operations, and gain a measurable financial advantage across their supply chains,” adds Patrick Spencer, SVP, Americas marketing and industry research, Kiteworks.