Content, Content

Human Error Top Cause of Cloud Data Breaches, Study Finds

Credit: Getty Images

Some 39% of businesses ran into a data breach into their cloud environment in the past year, marking a noticeable increase from last year’s 35%, said Thales, an IT consultant in the defense and security, aeronautics and space, and digital identity and security industries.

3,000 IT and Security Profs in 18 Countries Surveyed

In data gleaned from Thales’ 2023 Cloud Security Study, which encompassed roughly 3,000 IT and security professionals across 18 countries, human error was identified as one of the top causes of data breaches, as reported by 55% of surveyed individuals.

This rise in breaches coincides with a significant surge in sensitive data stored in the cloud. About 75% of businesses disclosed that over 40% of their cloud-stored data is classified as sensitive, a substantial increase compared to last year's 49%.

Here are eight of the study’s other findings:

  • When it comes to targets for hackers, Software as a Service (SaaS) applications ranked as the primary focus for 38% of respondents, closely followed by cloud-based storage at 36%.
  • The study also found that a lack of encryption and key control prompted cloud data concerns among the participants. Less than one-quarter of IT professionals said that more than 60% of their sensitive data in the cloud is encrypted, while the average encryption rate for cloud data currently stands at 45%.
  • In addition, businesses demonstrated limited control over encryption keys, with only 14% claiming full control over their encrypted data in the cloud. A majority (62%) reported employing five or more key management systems.
  • The adoption of multi-cloud environments continues to grow rapidly, with over three-quarters (79%) of organizations utilizing multiple cloud providers. Notably, the use of SaaS applications has also witnessed significant growth. In 2021, 16% of respondents reported using 51-100 different SaaS applications, a figure that rose to 22% in 2023.
  • Despite the expanding use of the cloud, managing data in this environment remains a major challenge. More than half (55%) of respondents expressed that cloud data management is more complex than in on-premises environments, marking an increase from 46% in the previous year.
  • Respondents also raised concerns about digital sovereignty, with 83% worried about data sovereignty and 55% finding data privacy and compliance in the cloud increasingly difficult.
  • Implementing strong identity and access management (IAM) measures is crucial concerning data privacy The adoption of robust multi-factor authentication (MFA) has increased to 65%, indicating progress in strengthening access controls.
  • Only 41% of organizations have implemented zero trust controls in their cloud infrastructure, with an even smaller percentage (38%) employing such controls within their cloud networks.

The Cloud Environment Imperative

In commenting on the study’s findings, Sebastien Cano, cloud protection and licensing senior vice president at Thales, said:

"The study shows that organizations are operating in a dynamic multi-cloud landscape, demanding seamless and efficient access to on-demand IT infrastructure and services. Treating cloud environments as an extension of existing infrastructure while maintaining exclusive control and security of data, especially sensitive data, is key to cloud security. Customer control of encryption keys is essential as it allows organizations to leverage the scalability, cost efficiency, and accessibility benefits of the cloud while ensuring the utmost integrity and confidentiality of their valuable information.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.