Research reveals 67% of New Zealand businesses experienced a data breach in their cloud environment last year – an increase of 29% from the previous year.
More than two thirds (67%) of New Zealand businesses experienced a data breach in their cloud environment during the last year, an increase on the 38% reported in 2022.
The findings from the 2023 Thales Cloud Security Study also exposed human error as the leading cause of cloud data breaches by over a third (38%) of those surveyed.
As context, the report references 37% of Australian businesses as experiencing a data breach in their cloud environment last year.
Overall, businesses reported a dramatic increase in the level of sensitive data stored in the cloud. Almost three quarters (70%) of businesses said that more than 40% of data stored in the cloud is classified as sensitive – compared to 57% of businesses this time last year.
Almost half (47%) ranked Software-as-a-Service (SaaS) applications as the leading target for hackers, closely followed by data in motion (44%).
Despite the reported increase in sensitive data in the cloud, the study found low levels of encryption being used by New Zealand businesses. Less than a fifth (17%) of IT professionals reported that more than 60% of their sensitive data in the cloud is encrypted.
According to the findings, on average, only 45% of cloud data is currently encrypted globally.
The study also found a lack of control over encryption keys by businesses, with only 6% of those surveyed stating that they controlled all the keys to their encrypted data in their cloud environments. In addition, two thirds (64%) say they have five or more key management systems – creating increased complexity when securing sensitive data.
Multi-cloud Causing Operational Complexity
The adoption of multi-cloud continues to surge globally, with more than three quarters (79%) of organizations having more than one cloud provider.
Notably, it’s not just infrastructure that is experiencing this growth. The use of SaaS apps is also on the rise significantly.
In 2021, just 4% of respondents reported their enterprises utilizing over 100 different SaaS applications – in 2023 this percentage increased to 19%.
Despite the expansion of cloud usage, a significant challenge remains. Almost two thirds (64%) expressed that managing data in the cloud is more complex than in on-premises environments – up from 45% compared to the previous year.
Digital sovereignty is also front of mind for New Zealand respondents. Nine in ten (89%) expressed concerns over data sovereignty and 64% agreed that data privacy and compliance in the cloud has become more difficult.
Pathways to Better Cloud Security
Identity and access management (IAM) is a crucial measure in mitigating data breaches, emphasizing the significance of strong security practices. Encouragingly, the adoption of robust multi-factor authentication (MFA) in New Zealand has risen to 66%, indicating progress in fortifying access controls.
Surprisingly, only 40% of organizations are shown as having implemented zero trust controls in their cloud infrastructure and an even smaller percentage (38%) utilize such controls within their cloud networks. These statistics highlight the need for greater emphasis on adopting comprehensive security measures to effectively safeguard sensitive data and enhance overall cybersecurity resilience.
Brian Grant, Regional Director, ANZ, Thales Cloud Security, said: “New Zealand is home to a dynamic multi-cloud landscape. As organizations continue their Digital Transformations, more and more sensitive data will move to the cloud. This data remains the responsibility of the enterprise customer and not the cloud service provider. Ultimately, if businesses and their executive leadership team do not take action to embed effective data security in their cloud environment – the consequence can be catastrophic.”
“While cloud environments offer many benefits, the reality is that they are complex; it takes only one small oversight to open the door to a skilled attacker. When this occurs, sensitive cloud information can be stolen or compromised, costing organizations hundreds of times more than the investment to secure the cloud data in the first place.”
“Data encryption, data access control and data-at-risk alerts are three essential security measures every organization should have in place if they are to successfully leverage the cloud while ensuring the integrity and confidentiality of their valuable information. The growth and success of a cloud-first business today relies as much on great data security as on protecting its cash flow.”
Click below to share this article
