SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Kiteworks reveals the top data breaches of 2024 report

Yesterday

Kiteworks has published a report detailing the top 11 data breaches of 2024, based on the company's proprietary Risk Exposure Index.

The report uses a multi-factor methodology to quantify the true impact of major data breaches, focusing on criteria such as data sensitivity, financial impact, regulatory implications, and attack sophistication, moving beyond the simple count of exposed records.

The Risk Exposure Index (REI), introduced in 2024, aims to provide a more nuanced understanding of breach severity by considering the specific nature of compromised data alongside other critical dimensions. According to the REI, data sensitivity exerts the greatest influence on breach severity, accounting for 24%—the highest weighting among evaluated factors.

Tim Freestone, Chief Marketing Officer at Kiteworks, said: "Our Risk Exposure Index assessment of these breaches demonstrates what traditional reporting often misses. When we look beyond headline figures, we see that data sensitivity outranks all other factors in determining breach severity, confirming that what was stolen matters more than how much was taken. This insight enables organisations to more effectively prioritise their security investments."

One notable finding from the report is that breaches affecting healthcare and financial service providers, where data tends to be especially sensitive, received some of the highest risk scores regardless of the absolute number of records exposed. This correlation between data sensitivity and risk score (r=0.78) was found to be particularly strong in these sectors.

The Change Healthcare data breach scored a perfect 10.0 for Supply Chain Impact, reflecting what Kiteworks describes as "catastrophic downstream effects" on thousands of healthcare providers. In comparison, the National Public Data breach recorded a Supply Chain Impact score of 8.5. Despite affecting fewer records, the Change Healthcare breach received one of the highest overall risk scores, demonstrating how the methodology quantifies ecosystem-wide consequences beyond raw numbers.

Attack Vector Sophistication also factored into the assessment, with scores in this category varying significantly within the top events. DemandScience recorded the lowest score in this area at 5.4, while the National Public Data breach reached 8.4, indicating exploitation through more advanced or persistent techniques. This variance underscores the range of approaches employed by threat actors, from exploiting basic misconfigurations to leveraging sophisticated attack vectors.

The overall risk score rankings place the National Public Data breach at the top with a rating of 8.93. This is followed by Change Healthcare (8.7), Ticketmaster Entertainment (8.7), AT&T (8.5), Hot Topic (7.7), LoanDepot (7.6), and Kaiser Foundation Health Plan (7.6). Lower-ranked events include DemandScience by Pure Incubation (7.1), Dell Technologies (7.2), MC2 Data (6.9), and the U.S. Environmental Protection Agency (6.2).

In multi-factor analysis of all breaches, data sensitivity is followed by financial impact at 22% and regulatory compliance at 18% as key contributors to overall risk. Financial consequences—including direct losses and ecosystem disruption—proved especially severe, while regulatory frameworks created substantial impact in highly regulated sectors. The report highlights the particular vulnerability of industries with less mature supply chain and third-party risk management processes.

Patrick Spencer, Vice President of Corporate Marketing and Research at Kiteworks, commented: "What makes our Risk Exposure Index particularly valuable is its ability to quantify factors that typically defy measurement. Our multi-factor analysis reveals that data sensitivity is the single most influential factor in determining breach severity, accounting for 24% of the overall risk impact. This indicates that what was stolen matters more than how much was taken. Organisations must prioritise protecting their most sensitive data throughout its life cycle, especially in an environment where third-party risk management remains the least mature security domain in 2024, creating systematic vulnerabilities that threat actors increasingly target."

As outlined in the report, the most significant breaches of 2024 had varying Supply Chain Impact and Attack Vector Sophistication scores, yet often resulted in comparably high overall risk scores. This approach aims to provide organisations with a framework to more accurately assess their exposure and inform risk management priorities in a changing threat landscape.
