Report Finds 90% of IT Professionals Have Experienced a Cybersecurity Breach
Global research from Skyhigh Security spotlights cloud data security challenges across key industries, indicating the need for stronger security controls
SAN JOSE, Calif.–(BUSINESS WIRE)–Skyhigh Security today released The Data Dilemma: Cloud Adoption and Risk Report, focusing on the prevailing problem of how to protect data that is used, shared and stored in today’s hybrid and cloud-first enterprise environments. The report finds that, on average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with three quarters (75%) experiencing all three. Overall, the report underscores the need to address data security gaps by investing in comprehensive data protection that provides remote workforces with a secure and productive user experience.
“Today, data is everywhere, traversing devices, cloud applications, the web and infrastructure, so it comes as no surprise that one of the biggest challenges organizations face is securing their vital data,” said Rodman Ramezanian, global cloud threat lead, Skyhigh Security. “The problem is compounded by the increasing use of private and public cloud services, practices like Shadow IT and even economic factors. With so many variables, it begs the question: Are organizations trying to solve new problems with old methods? Our report findings reinforce the importance of a converged platform across data, web and cloud protection capabilities to cater for the needs of security teams today.”
Cloud adoption accelerates rapidly
Public cloud usage has jumped in the past several years, partly as a result of the pandemic, which forced most businesses to shift to a work-from-home or hybrid model. As the report points out, from 2019 to 2022, use of public cloud services increased to approximately 50% among survey participants. For example, 41% of organizations are using Software-as-a-Service (SaaS) application Microsoft 365 for email and/or file storage.
Organizations lack confidence in data protection efforts by cloud providers
While the cloud has many advantages and supports greater agility and collaboration, the report demonstrates that organizations are well aware they need better visibility into and more consistent control over where their data is going.
Of those that use SaaS, 28% percent of organizations report advanced threats and attacks against their cloud application providers, compared to 23% in 2019, and 23% say they are unable to prevent malicious insider theft or misuse of data, up from 17% in 2019. Overall, 37% of organizations lack trust in the public cloud to keep their sensitive data secure. This is equally, if not more concerning, in the private cloud. The report indicates that 26% (compared to only 9% in 2019) of organizations do not trust private cloud providers with their data and the percentage of those experiencing challenges related to a private cloud increased 15% since 2019 (from 82% to 97%).
Personal device usage and Shadow IT multiply data risk
Adding to increased malicious activity in the cloud and lack of confidence in providers’ ability to adequately protect data, organizations worry about the proliferation of personal devices at work. Six out of 10 organizations permit employees to download sensitive data to personal devices, which further increases risk. Shadow IT, whereby employees commission cloud services without IT approval or involvement, is another area that continues to worry survey respondents. There has been a 25% increase in the number of organizations that say Shadow IT is undermining their ability to keep data secure – up from 50% in 2019 to 75% in 2022.
Organizations are beginning to take various measures to curb data loss and theft, but adoption is still low considering the prevalence of threats and incidents. According to the report, cloud access security broker (CASB) solutions are used by 42% of organizations, and secure web gateways (SWG) are used by 28% of organizations for added protection. When Shadow IT is discovered, 23% of organizations leverage data loss prevention (DLP) and encryption to keep data in cloud services secure. While deploying these technologies is a step in the right direction, most feel that cloud security could be simpler from an administrator’s (86%) and/or user experience (79%) perspective.
The research presented in the report points to the advantages of a single-vendor data-aware Security Service Edge (SSE) solution that converges multiple security services: CASB, SWG, Zero Trust Network Access and Cloud-Native Application Protection Platform. The findings suggest that IT decision makers look for a SSE solution with a single, centralized platform that simplifies cloud security and enables security teams to apply consistent data protection controls and policies across the web, cloud and private apps–from anywhere, any application and any device.
Additional Resources
- Download the Report and Infographic
- Read the Blog
- Find out more about Skyhigh Security Service Edge
Methodology
In 2022, Skyhigh Security commissioned independent market research agency Vanson Bourne to survey 1,050 IT professionals and senior business decision makers and identify cloud security trends among businesses with 500 or more employees and across multiple geographies (United States, Brazil, United Kingdom, France, Germany, India, Australia, Japan and Canada) and major industries, including financial services, healthcare, the public sector, education, retail, technology, manufacturing, energy and others.
About Skyhigh Security:
Skyhigh Security is focused on helping customers secure the world’s data. It protects organizations with cloud-native security solutions that are both data-aware and simple to use. Its market-leading Security Service Edge (SSE) Portfolio goes beyond data access and focuses on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing security. For more information, visit www.skyhighsecurity.com.
Contacts
Skyhigh Security Contact:
Tracy Holden
Head of Corporate Communications, Skyhigh Security
Tracy.Holden@skyhighsecurity.com