Survey: More Than Half of Organizations That Store Customer Data in the Cloud had Security Incidents in 2020
January 14, 2021Netwrix, a cybersecurity vendor that makes data security easy, announced the release of its global 2021 Netwrix Cloud Data Security Report. The report reveals that over half (54%) of organizations that store customer data in the cloud had security incidents in 2020. As a result, as many as 62% of organizations plan to remove sensitive data from the cloud or have already done so to improve their data security.
The survey found that the most common types of cloud security incidents in 2020 were phishing (reported by 40% of organizations), ransomware or other malware (24%), and accidental data leakage (17%). Over half of respondents stated that these incidents required obtaining extra budget to address associated security gaps.
Data theft scenarios did considerable damage to businesses in other ways as well. Incidents involving insider data theft negatively impacted company valuation for 33% of organizations, while data theft by hackers led to customer churn and loss of competitive edge (35% each).
The top data security challenges named by respondents were lack of IT staff (52%), lack of budget (47%) and lack of cloud security expertise (44%). Interestingly, 48% of CISOs noted that the organization’s desire for growth hinders efforts to ensure proper data security in the cloud.
The most popular cloud security controls that organizations already have in their arsenal are encryption (62%), auditing of user activity (58%) and employee training (58%). Also, the majority of respondents either already classify sensitive data in the cloud (49%) or plan to implement this control in the future (31%).
Other survey findings include:
- Every tenth large enterprise (1,000+ employees) that suffered a cloud data breach changed their senior leadership as a result.
- 5% of respondents who experienced cloud data theft by hackers needed years to detect it; this was the only type of incident that took that long to spot.
- Organizations that both classify data and audit user activity are 1.5 times more likely to discover incidents in the cloud in mere minutes.
“The top three challenges organizations face in securing data in the cloud are lack of staff, financial resources and expertise. These hardships force security teams to operate in the ‘new day, new breach’ reality,” said Ilia Sotnikov, Vice President of Product Management at Netwrix. “To identify, detect and protect against threats in the cloud continuously, organizations should invest in solutions that help prioritize risks and automate security routines, such as tools that provide data discovery, activity auditing and alerting. That way, security teams can better manage risks, respond to the attacks promptly and minimize negative business outcomes.”
The 2021 Netwrix Cloud Data Security Report is based on feedback from 937 IT professionals worldwide who use private and public cloud services to store their data. To get the complete findings, please visit www.netwrix.com/2021_cloud_data_security_report.html.