New Ponemon Institute Study Reveals Cloud Account Compromises Cost Organizations Over $6 Million Annually
Proofpoint's recent study reveals alarming trends in cloud security, with two-thirds of IT professionals citing cloud account takeovers as a significant risk. The average cost of these compromises is now $6.2 million annually. Over half of respondents noted an increase in the frequency and severity of incidents. Additionally, only 44% of organizations have defined roles for protecting sensitive information in the cloud. Key findings include that 86% report annual costs exceeding $500,000 for such breaches, compounded by lax enforcement of IT approval for cloud app usage.
- 66% of IT professionals view cloud account takeovers as a significant risk, indicating heightened awareness of cybersecurity threats.
- 86% of respondents state the annual cost of cloud account compromises exceeds $500,000, showcasing the potential market for security solutions.
- The average cost of cloud account compromises reached $6.2 million, signaling severe financial implications for affected companies.
- Only 44% of organizations have clear accountability for safeguarding sensitive information in the cloud.
Over two-thirds of surveyed IT professionals believe cloud account takeovers are a significant risk to their organizations
SUNNYVALE, Calif., May 25, 2021 (GLOBE NEWSWIRE) -- Proofpoint, Inc. (NASDAQ: PFPT), a leading cybersecurity and compliance company, and Ponemon Institute, a top IT security research organization, today released the results of a new study on “The Cost of Cloud Compromise and Shadow IT.” The average cost of cloud account compromises reached
“This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually.”
Only 44 percent of survey respondents believe their organizations have established clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud. Risks are also magnified as fewer than 40 percent of respondents say their organizations are vigilant in conducting cloud app assessments before deployment.
Additional key survey findings include:
- Cloud account compromises are costly incidents and present a significant security risk. According to
86% of respondents, the annual cost of cloud account compromises is over$500,000. Survey respondents also reported 64 cloud account compromises per year on average, with30% exposing sensitive data. Nearly 60 percent of respondents indicated Microsoft 365 and Google Workspace accounts are heavily targeted by brute force and phishing-based cloud attacks. Overall, over 50 percent of respondents say phishing is the most frequent method attackers use to acquire legitimate cloud credentials.
- Shadow IT is creating substantial risks for organizations. Seventy-five percent of respondents say the use of cloud apps and services without the approval of IT is a serious security risk. Additional practices also increased risks including the move to the cloud and mobile workforce (72 percent) and cloud-based collaboration/messaging tools for sharing sensitive or confidential files (70 percent).
- Strong authentication and adaptive access controls are essential in securing admission to cloud resources. Over 70 percent of respondents supported multiple identity federation standards, including SAML, and controlling strong authentication prior to accessing data and applications in the cloud. Sixty-one percent agreed adaptive access controls to protect users most at risk are essential.
“SaaS security simply cannot be an afterthought given the high cost of cloud account compromise and today’s heightened hybrid working environment. The move to the cloud and increased collaboration requires a people-centric security strategy backed by a cloud access security broker (CASB) solution that is integrated with a larger cloud, email, and endpoint security portfolio,” said Tim Choi, vice president of Product Marketing for Proofpoint. “Such an approach effectively addresses concerns like cloud account compromise, unauthorized access to cloud data, and cloud application governance. Organizations need clearly defined roles, established accountability, and a CASB solution that can be operationalized in hours—not weeks.”
To download The Cost of Cloud Compromise and Shadow IT, please visit: https://www.proofpoint.com/us/resources/analyst-reports/cost-of-cloud-compromise-and-shadow-it. For more information on Proofpoint Cloud App Security Broker (Proofpoint CASB), please visit: https://www.proofpoint.com/us/products/cloud-security/cloud-app-security-broker
About Proofpoint, Inc.
Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.
Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube
Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.
PROOFPOINT MEDIA CONTACT:
Kristy Campbell
Proofpoint, Inc.
(408) 850-4142
kcampbell@proofpoint.com
FAQ
What does Proofpoint's recent study on cloud account compromise reveal?
How much do cloud account compromises cost organizations according to Proofpoint's study?
What percentage of IT professionals believe cloud account takeovers are a risk?
How many cloud account compromises are reported annually by surveyed professionals?