Pretty much every company has suffered some kind of cloud data breach

cloud
(Image credit: Shutterstock / Blackboard)

Virtually all businesses experienced at least one cloud data breach in the past 18 months, a new survey has claimed.

Conducted by IDC on behalf of cloud infrastructure security company, Ermetic, the survey discovered that 98% of the surveyed companies admitted to experiencing at least one cloud data breach in the past 18 months, compared to 79% last year. 

More worryingly, a sizable majority (67%) reported experiencing upwards of three such cloud breaches.

During these breaches, 63% of the surveyed businesses admitted to exposing sensitive data. If you only consider companies with annual cloud infrastructure budgets of over $50 million, this figure surprisingly jumps to 85%. 

Inadequate cloud security

The survey points to the fact that even companies with considerable cloud computing infrastructure budgets aren’t investing enough to protect their assets on the cloud.

A majority (60%) of the surveyed security decision makers consider lack of visibility as well as inadequate identity and access management (IAM) a major threat to their cloud infrastructure. 

“Even though nearly 70% of companies invest more than 25 hours a week on cloud identity management, the survey found that 83% had at least one access-related cloud data breach,” said Shai Morag, CEO of Ermetic.

No surprise then that the respondents cite "access risk” and “infrastructure security” among their top cloud security priorities for the next 18 months, even as 85% of the surveyed businesses said they plan to increase their security spending this year, with a significant portion directed towards cloud infrastructure security.

Ermetic is using the results of the survey to suggest that an effective cloud infrastructure security strategy should focus on identities, permissions and entitlements to truly protect against risk.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.