With the mass adoption of the cloud, businesses of all sizes and industries gained access to the vast amounts of data generated by their own operations, their customers, and the market at large. This widespread cloud transformation set the stage for great innovation and growth, but it has also significantly increased the associated risks and complexity of data security, especially the protection of sensitive data.
We’ve gathered some interesting data security statistics to give you insight into industry trends, help you determine your own security posture (at least relative to peers), and offer data points to help you advocate for cloud-native data security in your own organization.
Exponential data proliferation
The sheer volume of data that businesses are creating, consuming, and analyzing has grown exponentially, making the cloud a very tempting target for threat actors.
The global datasphere is estimated to reach 221,000 exabytes by 2026, 90% of which will be unstructured data.
In 2023, 87% of organizations have embraced multi-cloud usage, creating environments that are more complicated and harder to secure.
There has been a 390% increase in the average number of software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS) services used by organizations since 2020.
Worldwide spending on public cloud services is expected to reach $591.8 billion in 2023, a 20.7% increase from 2022.
Security teams are struggling to adapt, partly for lack of tools and partly because of the massive worldwide shortage of skilled cybersecurity professionals.
A 2022 ISC report highlighted a cybersecurity workforce gap of 3.4 million jobs, a 26.2% increase from the previous year.
Nearly 70% of participants in that ISC survey reported feeling that their organization didn’t have enough cybersecurity personnel to manage cloud data risk effectively.
57% of those participants said their employer could offset this gap by using technology to automate specific security tasks.
Increasing risk
The rapid expansion of the cloud, combined with the cybersecurity workforce gap, has left many organizations without adequate security in the cloud, especially data security. As a result, we’ve seen a significant increase in decentralized and largely unchecked risk:
According to IBM’s Cost of a Data Breach Report 2022, 45% of data breaches were cloud-based.
That’s particularly concerning when you recognize that 89% of organizations say they host sensitive data or workloads in the cloud.
In a representative sample of publicly accessible S3 cloud storage buckets, Laminar Labs found that 21% contained sensitive data.
Despite such a significant amount of sensitive data in the cloud, only 40% of security professionals say they have a cloud security tool to monitor for data threats.
And in 2022, organizations took an average of nine months to identify and contain a data breach.
Shadow data presents an even greater concern. This is data that security professionals aren’t even aware of, such as a dataset that an analyst copied and stored in a new location or a forgotten backup.
93% of security professionals say they’re concerned with shadow data, and 68% say that it’s the greatest challenge their data security teams face.
Laminar finds an average of 13+ million shadow data records per customer.
Impact of a data breach
Research shows that companies have experienced an increase in attacks, and unfortunately, a successful breach can have a massive impact on their bottom line.
Global cybersecurity attacks increased by 38% between 2021 and 2022.
77% of security professionals report that a malicious actor accessed their public cloud data in 2022, up from 51% the year before.
In 2022, the global average data breach cost was $4.35 million. That cost rose to $9.44 million for businesses in the US.
Breaches in the healthcare industry were the costliest at $10.10 million on average. The financial sector came in second with an average cost of $5.97 million, closely followed by pharmaceuticals ($5.01 million), technology ($4.97 million), and energy ($4.72 million).
A security breach also damages future growth opportunities, impacting consumer trust and investor relations.
A Twilio study found that 98% of consumers want brands to improve their data security and be more open about how their data is being used.
In that same study, 40% of respondents said they would stop buying from a brand if the company didn’t uphold their data privacy and transparency requirements.
Gartner predicts that 60% of investors will ask for details of a business’s cybersecurity program when assessing investment potential by 2025.
Compliance-related risks
Alongside cost and damage to the brand, regulatory compliance is another driver for improving data security in the cloud. And in recent years, we’ve seen many examples of governing bodies enforcing consumer data protection laws, making this driver even more pressing.
Gartner predicts that by the end of 2023, the personal information of 3/4 of the world’s population will be protected by modern privacy laws.
60% of cybersecurity professionals say changing regulatory requirements will be one of the biggest challenges in the next two years.
Sephora was fined $1.2 million for violating the California Consumer Protection Act in 2022.
In May of 2023, Meta was fined $1.3 billion (or €1.2 billion) for GDPR violations.
Everyone is subject to this risk
If you think cloud data risk is a concern that doesn’t or couldn’t impact your organization, think again. It cuts across organization size, industry and geographical boundaries. If a business operates in the cloud, especially the public cloud, it will be subject to cloud data security risk.
With 67% of SMB and 50% of enterprise workloads in the cloud, the potential attack surface is significant for all organizations.
Over 70% of both SMBs and enterprise organizations say security is one of their top three greatest challenges.
Cloud data security risk crosses industry borders as well, as evidenced by these statistics:
A cloud misconfiguration, found in late 2021, exposed 3TB of airport data, including employee PII and information on planes and fuel lines.
In 2022, Microsoft revealed that a misconfigured Microsoft server leaked customer contact information and transaction data from an alleged 65,000 entities worldwide.
Yet another misconfiguration exposed the grades and personal information of over 100,000 McGraw Hill students.
In 2021, Comparitech researchers found that a Covid-19 testing service in Utah left 50,000 patients’ scanned IDs and test results exposed.
After shutting down operations, a digital marketing company left 50,000 files, 32 GB worth of sensitive data, in an S3 bucket that was open to the public.
Businesses are evolving
While mitigation strategies might be lagging behind this increase in cloud data risk, the following cloud security statistics demonstrate that awareness is spreading and forward-thinking CISOs are recognizing that cloud data security is a differentiator.
92% of security professionals say that the increase in cloud breaches has motivated leadership to buy into cloud-native security platforms, as opposed to 50% in 2022.
As a good start to addressing the challenges, we’ve seen an increase in the number of organizations that have an internal security team, rising from 58% in 2022 to 97% in 2023.
Gartner predicts that enabling innovation will become a central focus of formal cloud strategies in 50% of businesses by 2025.
Gartner also predicts that teams will consider 80% of data and analytics governance initiatives geared toward furthering business outcomes as essential business capabilities.
85% of executives agree or strongly agree that business objectives are integral to developing cybersecurity strategies.
75% of enterprises plan to invest in new solutions to ease innovation exchange, and 42% say they will prioritize data gathering and analysis processes to support decision makers.
Businesses are seeking new cloud data security solutions
Businesses are beginning to recognize that traditional security tools, like manual processes, legacy solutions, and tools built into CSP platforms, aren’t sufficient. So, what do security professionals want in a cloud data security solution?
According to our State of Public Cloud Data Security Report:
95% of security professionals recognize that cloud-based environments require different solutions than on-premises environments.
71% said they need a cloud-native security solution that is capable of autonomously discovering and classifying all cloud data, including shadow data.
63% want a highly reliable and scalable platform that can keep up with the pace of innovation in the cloud, and 54% say it should operate asynchronously to minimize impact on performance.
Data security posture management (DSPM) solutions are emerging cloud-native technologies designed to address the security complexities of a multi-cloud environment. Not only were they built specifically for the cloud, but they autonomously and continuously discover, prioritize, secure, and monitor all data in the cloud—both known and unknown.
Gartner estimates that over 20% of businesses will implement a DSPM to meet the significant risk posed by shadow data.
Security professionals say the top three capabilities they want in a DSPM solution are: data security policy enforcement, data risk assessment, and data classification.
These cloud data security statistics tell a story
If the cloud data security statistics above have you concerned, they should. We’re at a pivotal point in the data security space: organizations will either evolve and adopt new cloud-first security solutions, or they’ll likely experience a breach at some point.
To mitigate this risk, security professionals need cloud-native data security solutions, like a DSPM tool. Only with data security tools built for the particular challenges of the cloud can organizations gain the complete visibility and agility required to build out and manage a comprehensive data security strategy.
For more cloud security statistics, check out the State of Public Cloud Data Security Report 2022.