Kiteworks: Zero-day threats and compliance failures forcing a rethink of vendor selection

    May 20, 2025
    Organizations are increasingly prioritizing regulatory compliance capabilities when selecting vendors.
    682cad5dd9b756f2b4f8b5be Programmingbackgroundwithpersonworkingwithcodescom

    Kiteworks released findings from its Data Security and Compliance Buyer Behavior Survey, conducted by Centiment.

    The Data Security and Compliance Buying Behavior Survey reveals that security is the dominant factor in vendor selection decisions. This focus on security comes at a critical time, as Google's 2024 Zero-Day Exploitation Analysis Report found that 44% of zero-day vulnerabilities targeted enterprise data exchange systems, such as Managed File Transfer (MFT) platforms.

    It also demonstrates that organizations are increasingly prioritizing regulatory compliance capabilities when selecting vendors, with 31% of respondents identifying compliance as a decisive factor in their final vendor selection. This focus is driven by the need to navigate complex regulations like GDPR, HIPAA, CMMC 2.0, the EU Data Act, and the EU AI Act, effective September 2025.

    The importance of compliance is further highlighted by several key findings:

    • 56% of respondents rate security certifications as "extremely important" during the vendor discovery phase.
    • More than half struggle to obtain adequate security information during vendor evaluations.
    • 63% of respondents actively seek detailed security and compliance information before even engaging with potential vendors.
    • Nearly one-quarter reject vendors over security concerns often tied to compliance failures.

    Compliance and Emerging Threats Require Unified Solutions

    As threats continue to evolve, the need for unified compliance solutions becomes even more critical. This trend aligns with the Verizon 2025 Data Breach Investigations Report, which shows third-party breaches have doubled to 30%, particularly through attacks on legacy file sharing and transfer solutions.

    Kiteworks' own annual survey reinforces this concern, finding nearly 60% of organizations lack comprehensive governance tracking and controls for their third-party data exchanges. Meanwhile, vendor reputation and stability remain key factors, with nearly two-thirds of respondents prioritizing these attributes during the vetting process, including 30% indicating vendor stability is a high priority.

    Integration Capabilities Enhance Value

    While security and compliance form the foundation of vendor selection, the survey reveals that practical implementation concerns also heavily influence buying decisions. Seamless integration capabilities prove critical for customer satisfaction and long-term success, with 42% of survey respondents identifying integration capabilities as a key value driver. The importance of this factor is further emphasized by the 39% of respondents who reported eliminating potential vendors from consideration specifically due to inadequate integration capabilities.

    "Customers demand solutions that deliver robust security and compliance without sacrificing usability or integration capabilities," said Tim Freestone, Chief Marketing Officer at Kiteworks. "The survey confirms what we hear directly from our customers in regulated industries—that organizations need a unified approach to private data security that addresses the full spectrum of security threats while simplifying compliance and seamlessly integrating with existing workflows."

    Kiteworks, Coalfire release CMMC 2.0 Preparedness in DIB report
    Kiteworks releases 2024 Top 11 Data Breaches report