Press Release

Proprietary risk scoring shows data sensitivity outweighs record count in breach severity—National Public Data breach tops risk score at 8.93, while Change Healthcare's supply chain impact scores perfect 10.0

Kiteworks, which empowers organizations to effectively manage risk in every send, share, receive, and use of sensitive data, today released its “Top 11 Data Breaches in 2024” report. The research applies Kiteworks’ Risk Exposure Index (REI), a proprietary methodology introduced in summer 2024, to quantify and compare the severity of the year’s most significant breach events.

The REI assessment reveals that raw numbers of records exposed, while important, tell only part of the story. By analyzing factors including data sensitivity, financial impact, regulatory implications, and attack sophistication, the report provides a nuanced measurement of organizational and consumer risk far beyond traditional metrics.

“Our Risk Exposure Index assessment of these breaches demonstrates what traditional reporting often misses,” said Tim Freestone, Chief Marketing Officer at Kiteworks. “When we look beyond headline figures, we see that data sensitivity outranks all other factors in determining breach severity, confirming that what was stolen matters more than how much was taken. This insight enables organizations to more effectively prioritize their security investments.”

Key Risk Exposure Index Findings

Supply Chain Impact Reaches Perfect Score: The Change Healthcare breach received a 10.0 Supply Chain Impact score, the highest possible rating, reflecting the catastrophic downstream effects on thousands of healthcare providers nationwide. By comparison, the National Public Data breach scored 8.5 for Supply Chain Impact, illustrating how our methodology quantifies ecosystem-wide risk.

Attack Vector Sophistication Varies Significantly: The report’s analysis shows significant variation in Attack Vector Sophistication scores, ranging from 5.4 (DemandScience) to 8.4 (National Public Data). This variance highlights how some breaches exploit advanced persistent techniques while others leverage basic misconfigurations.

Risk Score Rankings Reveal True Impact: The National Public Data breach achieved the highest overall risk score (8.93) due to its unprecedented scale, while the Change Healthcare breach ranked second (8.7) despite affecting fewer records. Hot Topic (7.7), LoanDepot (7.6), and Kaiser Foundation Health Plan (7.6) demonstrate how breaches of varying sizes can pose similar risk levels when analyzed comprehensively.

Data Sensitivity Drives Risk: Multi-factor analysis across all breaches indicates that the three most influential factors in determining breach severity are:

1. Data Sensitivity (24% influence): The nature of compromised information proved the single most important factor in determining real-world impact, with financial and health data breaches creating the most significant individual harm.
2. Financial Impact (22% influence): The economic consequences for the breached organization and affected individuals strongly influenced overall risk assessment, with ecosystem disruption creating particularly severe impacts.
3. Regulatory Compliance (18% influence): The regulatory environment significantly shaped breach outcomes, with highly regulated industries facing more substantial consequences and response requirements.

This correlation between data sensitivity and risk score (r=0.78) was particularly strong in healthcare and financial services breaches.

“What makes our Risk Exposure Index particularly valuable is its ability to quantify factors that typically defy measurement,” said Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks. “Our multi-factor analysis reveals that data sensitivity is the single most influential factor in determining breach severity, accounting for 24% of the overall risk impact. This indicates that what was stolen matters more than how much was taken. Organizations must prioritize protecting their most sensitive data throughout its life cycle, especially in an environment where third-party risk management remains the least mature security domain in 2024, creating systematic vulnerabilities that threat actors increasingly target.”

Risk Exposure Score of Top 11 Data Breaches in 2024

The full “Top 11 Data Breaches in 2024” report can be downloaded from the Kiteworks website at https://www.kiteworks.com/top-data-breaches-report.

About Kiteworks

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and use of sensitive data. The Kiteworks platform provides customers with a Private Data Network that delivers data governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive data moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all private data exchanges. Headquartered in Silicon Valley, Kiteworks protects over 100 million end-users for over 35,000 global enterprises and government agencies.

Media Contact:
David Schutzman
PR Manager
David.schutzman@kiteworks.com