Research shows nearly half of all data breaches originate in the cloud 

Research shows nearly half of all data breaches originate in the cloud 

Illumio, the Zero Trust Segmentation company, has released the Cloud Security Index: Redefine Cloud Security with Zero Trust Segmentation, that presents the findings of global research into the current state of cloud security, the impact of cloud breaches and why traditional cloud security technologies fail to keep organisations secure in the cloud.   

Vanson Bourne, an independent research firm, surveyed 1,600 IT and security decision-makers across nine countries and found that cloud risks are only getting worse, traditional cloud security tools are falling short and Zero Trust Segmentation (ZTS) is essential for the modern landscape.   

Key findings include: 

  • Traditional cloud security is failing the modern enterprise: In the last year, nearly half of all data breaches (47%) originated in the cloud and more than six-in-10 respondents believe cloud security is lacking and poses a severe risk to their business operations.   
  • Cloud breaches cost organisations millions each year: The average organisation who suffered a cloud breach last year lost nearly US$4.1 million, yet 26% are operating under the assumption that breaches are not inevitable, posing serious risks to the business and its customers. 
  • Zero Trust Segmentation is critical for cloud resilience: 97% believe ZTS can greatly improve their organisation’s cloud security strategy because it improves digital trust (61%), ensures business continuity (59%) and bolsters cyber-resilience (61%).   

Cloud concerns are pervasive in today’s complex, hybrid world 

As organisations take their most sensitive data to the cloud, they face increased complexity and risk. A total of 98% of organisations store their most sensitive data in the cloud, including financial information, business intelligence and customer or employee personally identifiable information (PII). Yet, over nine-in-10 are concerned that unnecessary or unauthorised connectivity between cloud services increases their likelihood of a breach. 

According to the research, the main threats to organisations’ cloud security are: workloads and data overlapping traditional boundaries (43%); a lack of understanding of the division of responsibility between cloud providers and vendors (41%); social engineering attacks (36%); a lack of visibility across multi-cloud deployments (32%); and rising malware and ransomware attacks (32%). 

Where traditional cloud security tools fall short 

Respondents overwhelmingly believe their organisation’s current approach to cloud security creates severe risks:   

  • 95% say they need better visibility of connectivity with third party software.   
  • This lack of visibility is impacting organisations’ ability to respond to attacks, with 95% saying they need to improve their reaction time to cloud breaches.   

Respondents worry about the business repercussions of a cloud breach – their top three concerns being:   

  • Reputational damage and loss of public trust (39%); loss of sensitive data (36%); and a loss of revenue-generating services (35%). 

Zero Trust Segmentation is a non-negotiable for cloud security 

Most (93%) IT and security decision-makers believe that segmentation of critical assets is a necessary step to secure cloud-based projects. Additionally, organisations with dedicated microsegmentation technology were less likely to have suffered a cloud breach in the last year (35%) than those without it (43%).  

“Because cloud environments are dynamic and interconnected, they’re increasingly challenging for security teams to navigate with legacy solutions,” said John Kindervag, Chief Evangelist at Illumio. “Organisations need modern security approaches that offer them real-time visibility and containment by default to mitigate risk and optimise opportunities afforded by the cloud. I’m optimistic that nearly every security team is prioritising improving cloud security in the months ahead and that they see solutions like ZTS as an essential piece of their Zero Trust journey.”   

Browse our latest issue

Intelligent CISO

View Magazine Archive