The growing use of cloud services and the lack of visibility into sensitive information in the cloud can result in more damaging or costly data breaches, according to the Ponemon Institute. The survey found that the majority of enterprises have not or do not know if they inspect their cloud services for malware.
What are the cloud security risks your organization worries about?
The findings also reveal that while 49 percent of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by IT. While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es).
Companies lack insight into breaches
Over half of respondents say the use of cloud services significantly increases the likelihood of a data breach, yet the majority have neither the visibility nor have they taken the correct precautions to prevent breaches involving cloud.
- Nearly 20 percent cannot determine if they experienced a breach or not, indicating a significant lack of insight into security policies and data currently stored in the cloud.
- For companies that did experience a data breach in the last year (31 percent), 48 percent say it was the user who exposed data intentionally or accidentally from a cloud service. However, a quarter don’t have any idea how the breach occurred, and 30 percent could not determine what data were lost or stolen.
- Malware is a significant source of data breaches as well: 39 percent of respondents experienced a malware attack in the last year, but almost half (48 percent) do not inspect the cloud for malware, and 12 percent are unsure if they do.
- Of those organizations that do inspect the cloud for malware, 57 percent of respondents say they found malware in the cloud. Given the high percentage that don’t even monitor, more than one-third (34 percent) likely have malware but don’t know it.
A look at the cloud environment
Cloud adoption is on the rise. A recent forecast from 451 Research predicts that three in five (60 percent) of enterprise workloads will run in the cloud by mid-2018, up from two in five (41 percent) today. This report found that as more software and business applications move to the cloud, knowledge about what applications are in the cloud decreases, putting confidential and sensitive information at risk.
- The estimated percentage of software applications in the cloud has increased from 45 percent in 2014 to 49 percent in 2016. Apps that are known, officially sanctioned or approved by IT decreased from an estimated 50 percent to 45 percent, indicating cloud adoption may be outpacing security measures.
- Three-quarters of businesses store at least some sensitive or confidential business data in the cloud, and respondents estimate 26 percent of sensitive or confidential information is not visible to IT.
- When asked about security worries, respondents’ top concern over cloud security risks is loss of control over the security of data and end-user actions (49 percent), followed by loss or theft of intellectual property (IP) (47 percent), and compliance violations (39 percent).
Estimated data breach costs involving the loss of 100,000 or more customer records over 12 months
The economic impact of data breaches
Companies were asked to estimate the cost of data breaches involving the loss of 100,000 or more customer records within the last 12 months. They calculated a customer information breach would have cost them almost $20 million in the past year, taking into consideration the cost of remediation and technical support, lost business opportunities, and lost productivity because of downtime.
- The largest cost (40 percent) is damage to reputation and brand, with companies estimating a spend of $7.68 million.
- Cleanup and remediation spend was approximately $3.85 million, while damage or theft of IT assets and infrastructure accounted for just under a million dollars per year.
- For a data breach associated with IP vs. customer records, damage to reputation and brand value again represents the largest estimated data breach cost component, at $5.66 million, nearly half (44 percent) of the total estimated cost of $12.80 million. More than half (54 percent) believe there is more than a 10 percent chance of an IP-related data breach happening in the next year.
The cloud multiplier effect
Respondents were asked to estimate the likelihood of a data breach when considering a number of IT scenarios involving an increased use of the cloud. The growing use of cloud services (SaaS) and the increase in backup and storage of confidential data in the cloud is most likely to cause a data breach in the cloud:
- Almost 90 percent believe an increase of cloud services usage of 50 percent within the next year will increase the probability of a data breach. The same percentage agree a 50 percent increase in backup and storage of sensitive information in the cloud would also increase the probability of a data breach.
- Early cloud adopters are still skeptical: Only a third believe their cloud service providers enable security technologies to protect and secure sensitive or confidential information, and only 37 percent believe cloud apps are in full compliance with privacy and data protection regulation and law.