Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.

The average cost of cloud account compromises reached $6.2 million over a 12-month period, Proofpoint, a cybersecurity and compliance company, said in its latest The Cost of Cloud Compromise and Shadow IT report.

Cloud compromise and shadow IT report

Above: Very little corporate data in the cloud is controlled by IT.

Image Credit: Proofpoint

In a survey of 600 IT and IT security professionals in the U.S., 75% of respondents said shadow IT — use of cloud applications and services without the approval (or knowledge) of IT — is creating substantial risks for their organizations. While some respondents were confident — 24% very confident and 30% confident — users were using IT-approved cloud services and applications for file-sharing and collaboration tools, only 40% believed their organizations knew all the cloud cloud computing applications, platforms, and infrastructure services that their users were using.

An average of 42% of corporate data is stored in the cloud, but only an average of 27% of corporate data is stored in IT-controlled cloud environment. The majority of corporate data — 67% — is stored in cloud services deployed by departments other than corporate IT.

Protecting cloud data remains a challenge, as 68% called cloud account takeovers a significant risk to their organizations. More than half indicated the frequency and severity of these breaches has increased over the past year. Only 44% of survey respondents believe their organizations have established clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud. Fewer than 40% said their organizations were vigilant about conducting cloud app assessments before deployment.


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

Compromised cloud accounts are costly incidents and should drive organizations to invest in technologies, in-house expertise and user training and awareness programs. The costs include hours spent by staff responding to the incident, application downtime, business process workarounds, fines, legal fees, consultants/lawyers, MSSPs, notification of individuals and business partners affected by the exposure of their confidential information, and loss of customers and business relationships due to reputational damage.

On average, respondents reported 64 cloud account compromises per year, with 30% exposing sensitive data. The average annual IT budget in the organizations represented in this research was $167 million. An average of 22 percent, or $36.8 million, was allocated towards securing cloud-based resources. An average of six IT security personnel would be involved addressing compromised cloud accounts, with the IT security team spending an average of 14,184 hours annually to deal with these breaches.

Microsoft 365 and Google Workspace accounts are heavily targeted by brute force and phishing-based cloud attacks. In a year, organizations experience an average of 138 hours of application downtime.

Read Proofpoint’s full The Cost of Cloud Compromise and Shadow IT.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.