Security executives recognize that most business-technology systems will be maintained in a cloud environment moving forward, but are concerned that security teams are not equipped to manage the associated risk, according to a new study from CRA Business Intelligence, the research and content arm of cybersecurity information services company CyberRisk Alliance.
The study also reveals that even as some organizations learn and adopt “cloud-first” frameworks and procedures, others simply lift and shift their current applications to the cloud with little to no customization, creating the potential for significant long-term risks to their security posture.
The data and insights in this report are based on a survey conducted in April 2022 of 300+ IT and cybersecurity decision-makers and influencers in the United States, with respondents drawn from organizations of all sizes and industries.
Among the study’s key findings:
- Thirty-seven (37%) percent of respondents reported their organization experienced a cloud-based attack or breach in the last two years. On average, this amounted to four attacks per victim since 2020.
- The number of cloud assets/workloads is growing among companies, with55% of respondents running up to 50 assets/workloads in the public cloud and 56% on hosted clouds; on average respondents maintain 66 assets in either public or hosted clouds.
- As cloud-based assets/workloads increase, 50% of respondents are very concerned about their ability to secure their cloud systems, with 72% “extremely” or “very” concerned.
- When it comes to the top data security concerns in the cloud, respondents cite the following: Lack of detection/response, compromised users, misconfiguration, and inability to monitor changes within cloud environments.