Cloud Security Stats Are In and They’re Not Pretty

With digital transformation having taken a front seat over the past 3 years due to a global shift in how people do business, cloud reliance and breaches have skyrocketed. According to G2, half of all organizations are currently cloud native or cloud enabled. It’s not just a matter of accomplishing work, either – it’s storage for vital digital assets. The same report found that 65% of all corporate data is currently being stored in the cloud, making it an attractive target for threat actors.

Not convinced? 75% of enterprises are currently in the process of developing cloud applications, and 4/5 organizations plan to increase their cloud spending despite ongoing economic uncertainties. Further, Gartner, Inc. expects cloud spending to reach nearly $600 billion this year. That’s billion – with a B.

People Are Running to the Cloud, So What?

Widespread adoption over a short period of time means that a majority of organizations are managing relatively new cloud environments or will be very soon. How many of these initiatives are undergoing thorough architecture reviews from cybersecurity experts before rollout – and being amended based on their feedback? How many of them have a full team of cybersecurity experts working behind the scenes to manage, monitor, test, remediate, and protect these cloud environments? Is there any chance that some of them are taking short cuts for the sake of speed – or due to a lack of internal resources? One thing is for sure ­– with a crisis-level shortage of experts, massive cloud adoption underway, and an overwhelming number of breaches with no end in sight, something isn’t working.

Who Is Securing All These Cloud Environments?

(ISC)² reported last year that 70% of those surveyed reported understaffing on cybersecurity teams. Despite hundreds of thousands of newly trained cybersecurity practitioners entering the workforce annually, researchers at Cybersecurity Ventures anticipate there will still be 3.5 million unfilled positions for skilled workers in 2025. That makes the outlook somewhat dismal for companies competing for cloud security experts, since 41% of enterprise IT decision makers surveyed by G2 stated they already have to rely on outside help for cloud security support.

Security Boulevard reported that 60% of enterprises are having trouble retaining the qualified talent they do manage to hire, due to aggressive recruiting offers from competitors. Where does that leave midmarket companies, who are typically managing similar environments to their enterprise counterparts, but don’t have the deep pockets to compete for talent? They’re already using cloud[AS1] .

Cloud Security Breaches Are Common, and Expensive

Thales Security found that cloud assets are currently the number one target for attack. And according to Venturebeat, 69% of organizations surveyed reported a data breach in the last year due to multicloud security configurations. Considering the severe workforce gap and widespread instances of understaffed cybersecurity teams, it’s easy to see that configurations are going to be an issue – because they rely on highly skilled human management tasks. [AS2] Knowing they don’t have the internal resources to manage cloud security, why would organizations continue to drive forward? When boards demand results, it’s logical that digital transformation and cloud initiatives are going to continue regardless of security risks – it’s just a matter of business economics. Cloud offers unparalleled scalability and efficiency that impact profits, so rollouts are going to continue moving forward. Costs for each of these breaches is expected to hit an all-time high of $5 million by the end of this year, but perhaps that risk is overshadowed by the desire to compete in the marketplace.

Who Is Taking the Brunt of Cloud Breaches?

Interestingly, those hit hardest are startups, which makes sense given the tremendous influx of investment money into technology startups in recent years, the clamor for innovation, and their reliance on cloud environments to create scalable solutions at the lowest possible cost. They are in a similar situation to midmarket companies – having worked very hard to get where they are, dependent on business growth, and severely understaffed. Ironically, technology startups positioning themselves in regulated markets like healthcare or financial services (fintechs) stand to benefit the most from cybersecurity investments. In these cases, cybersecurity validations and compliance certifications are essential to selling into the enterprise space and can generate tremendous ROI.

What To Do When There’s No Easy Button

Yes, your organization is likely to be increasing its reliance on cloud systems, based on these statistics. Yes, you are likely to experience a breach of those cloud systems if you are like most organizations interviewed. But things are far from hopeless. Before you roll out your next round of system updates, take the time to consult a cybersecurity architect. You wouldn’t think of building a house without consulting an architect, and IT systems are no different. Save yourself headaches, breaches, and protect your budget by doing things right from the beginning. If you’re already down the road in your cloud rollouts, it’s not too late. A strategy and risk expert can still audit your systems and create a roadmap to help you move closer to cyber resilience. These experts will help you find gaps, make recommendations on how you can improve, provide feedback on configurations, and point you to the right cloud security solutions for your context. In this case, the juice will always be worth the squeeze.

If you’d like to speak with someone about your next digital transformation project and what steps you might need to take, reach out to us here. We have experts ready.

---