Skip to content ↓ | Skip to navigation ↓

A new study by the Ponemon Institute, titled “Data Breach: The Cloud Multiplier Effect,” reveals that IT and security professionals expect that migrating to cloud services will increase the likelihood and economic impact of data breaches by several magnitudes, highlighting a lack of confidence in the security of data in the cloud.

Ponemon’s May 2014 Cost of a Data Breach study established the average cost of a compromised customer record to be just over $200 each, making a breach involving 100,000 records cost an organization around $20 million dollars, but participants estimate that increased use of cloud services could triple that figure.

“Imagine then if the probability of that data breach were to triple simply because you increased your use of the cloud. That’s what enterprise IT folks are coming to grips with and they’ve started to recognize the need to align their security programs to account for it,” said Sanjay Beri, CEO of Netskope.

The survey of 613 IT and security practitioners also revealed:

  • Respondents estimate that every 1 percent increase in the use of cloud services will result in a 3 percent higher probability of a data breach
  • More than two-thirds (69 percent) of respondents believe that their organization is not proactive in assessing information that is too sensitive to be stored in the cloud
  • 62 percent of respondents believe the cloud services in use by their organization are not thoroughly vetted for security before deployment
  • Almost three-quarters (72 percent) of respondents believe their cloud service provider would not notify them immediately if they had a data breach involving the loss or theft of their intellectual property or business confidential information
  • 71 percent believe they would not receive immediate notification following a breach involving the loss or theft of customer data
  • Respondents believe 45 percent of all software applications used by organizations are in the cloud, but exactly half (22.5 percent) of these applications are not visible to IT
  • Respondents estimate that 36 percent of business critical apps are based in the cloud, yet IT lacks visibility into nearly half of them

“We’ve been tracking the cost of a data breach for years but have never had the opportunity to look at the potential risks and economic impact that might come from cloud in particular,” said Dr. Larry Ponemon.

“It’s fascinating that the perceived risk and economic impact is so high when it comes to cloud app usage. We’ll be interested to see how these perceptions change over time as the challenge becomes more openly discussed.”

The full report can be found here (form required)…

Tripwire University
  • Stephen Coty

    The data that I have seen related to cloud incidents are consistently growing, but they are growing at a near equivalent rate as Enterprise data centers. The attack vectors are just different. For Example you will see more malware and brute force type activity hitting a Enterprise data center vs a Cloud deployment. Cloud deployments will see more web app attacks and vulnerability scanning. So the risk is the same in either environments. They both require a defense in depth strategy in both environments to minimize the risk of a breach. Treat the cloud like you would an extension of your enterprise. Understand the shared responsibilities of your cloud provider and you as the consumer.

    • Great points Stephen. The Ponemon study really underscores the perceptions of cloud security, but your comments are more aligned with the reality. Thanks!