{"id":24944,"date":"2023-04-12T14:52:25","date_gmt":"2023-04-12T09:22:25","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=24944"},"modified":"2026-01-21T18:38:33","modified_gmt":"2026-01-21T13:08:33","slug":"cloud-security-statistics","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/cloud\/cloud-security-statistics\/","title":{"rendered":"68 Cloud Security Statistics to Be Aware of in 2026"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">We have adopted the cloud rather quickly. We\u2019ve migrated our workloads in a haste at times, and we&#8217;ve developed cloud-native applications and adapted to a cloud-first business approach.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security, somehow, gets left behind amidst all the movement. One reason for that may be the want for concrete, tangible, consolidated information on cloud security.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stats work brilliantly when it comes to inspiring action<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s why we\u2019ve consolidated cloud security statistics from a host of sources with the simple goal of giving you a picture of cloud security that is broad enough to cover most bases and targeted enough to help you find what you are looking for quickly.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Fix vulnerabilities before attackers find them through advanced <a href=\"https:\/\/www.getastra.com\/pentesting\/cloud\" data-type=\"link\" data-id=\"https:\/\/www.getastra.com\/pentesting\/cloud\"><strong>cloud penetration testing services<\/strong>&nbsp;<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Top_Cloud_Security_Statistics_To_Set_The_Stage\"><\/span>Top Cloud Security Statistics To Set The Stage<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>There will be 100 zettabytes of data stored in the cloud by the end of 2025. That\u2019s a hundred billion terabytes.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudwards.net\/remote-work-statistics\/\" target=\"_blank\" rel=\"noopener\">51% of the US workforce<\/a> was working remotely full-time in April 2020. This number has come down to 25% in 2021 which is still relatively higher than it used to be pre-pandemic.<\/li>\n\n\n\n<li>Partially remote workers are taking an average of 5.8 remote work days per month as opposed to 2.4 days per month in the pre-pandemic era.<\/li>\n\n\n\n<li>The projected market value for cloud storage in 2023 is 103.44 billion USD which is estimated to hit 376.67 billion USD by the year 2029.<\/li>\n\n\n\n<li>Cloud Security is the top concern pertaining to cloud computing for 83% of organizations.<\/li>\n<\/ol>\n\n\n\n<style>\n.ctaSaasCheckWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2025\/08\/0737b9ac-deepblue-bg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: 275px;\n  border-radius: 10px;\n  margin: 20px 0px;\n}\n.pentestHeadingDB{\n  color: #fff;\n  font-size: 24px;\n  font-weight: 600;\n  max-width: 450px;\n}\n.ctaSaasCheckWrapHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n.ctaOneDB {\n    display: flex;\n  align-items: center;\n  padding: 1rem 1.5rem;\n  border-radius: 12px;\n  background-color: #FCBB2F;\n  text-decoration: none;\n  grid-gap: .5rem;\n  color: #000!important;\n  font-size: 18px;\n  font-weight: 500;\n  min-height: 3.75rem;\n  max-height: 3.75rem;\n  box-shadow: 0 4px 4px #00000014, 0 0 0 1px #C08E24, inset 0 -4px #0000003d;\n}\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #FFFFFF !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n.ctaSaasCheckWrapImg{\n  position: absolute;\n  bottom: 0px;\n  right: 10px;\n  height: 250px;\n  width: 240px;\n}\n@media(max-width: 768px){\n}\n@media(max-width: 576px){\n   .pentestHeading{\n      font-size: 28px;\n    }\n   .ctaSaasCheckWrapImg{\n     display: none;\n   }\n}\n<\/style>\n\n<div class=\"ctaSaasCheckWrap\">\n<p class=\"pentestHeadingDB\">Find misconfigurations, risks on your cloud easily<\/p>\n<p style=\"color: #fff;\">Try Agentless Cloud Vulnerability Scanner<\/p>\n<div class=\"ctaSaasCheckWrapHead\">\n  <a class=\"ctaOneDB\" href=\"\/contact-us\">Learn More<\/a>\n<\/div>\n<img decoding=\"async\" class=\"ctaSaasCheckWrapImg\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/96ad3cf0-girlcta.png\" alt=\"character\" \/>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Whats_Lurking_Behind_Your_Cloud_Dashboard\"><\/span>What\u2019s Lurking Behind Your Cloud Dashboard?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Cloud vulnerabilities surged <strong>1.8x last year<\/strong>, but here\u2019s the part most miss:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Astra uncovered <strong>5.33 vulnerabilities per minute<\/strong>, and<\/li>\n\n\n\n<li>Even in cloud setups, the biggest risks came from <strong>misconfigurations and weak IAM<\/strong>, not flashy zero-days<\/li>\n\n\n\n<li>Manual pentests revealed critical flaws that automation missed, like leaked keys, insecure access paths, and exposed internal endpoints<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The <em>State of Continuous Pentesting 2025<\/em> breaks down what\u2019s really happening inside cloud environments and how quickly security debt is accumulating.<\/p>\n\n\n<div class=\"gb-container gb-container-e7c5d7cf\">\n<div class=\"gb-container gb-container-ab421196\">\n\n<div class=\"gb-headline gb-headline-4ab8b3a2 gb-headline-text\">Critical vulnerabilities are up 83%\u2014but they\u2019re just the tip of the iceberg. <span style=\"color:#3078FE;\">Discover how attackers are chaining low-severity issues into high-impact exploits.<\/span><\/div>\n\n\n<div class=\"gb-container gb-container-3fe8d7c6\">\n\n<a class=\"gb-button gb-button-d64ca209 gb-button-text\" href=\"https:\/\/www.getastra.com\/reports\/state-of-continous-pentesting-insights\/2025\" target=\"_blank\" rel=\"noopener noreferrer\">Download the Report<\/a>\n\n<\/div>\n<\/div>\n\n<div class=\"gb-container gb-container-6a88c5dd\">\n<div class=\"gb-container gb-container-138f55b1\">\n<div class=\"gb-container gb-container-22c8a380\">\n<div class=\"gb-container gb-container-c1f45f6d\">\n\n<figure class=\"gb-block-image gb-block-image-daf3dd39\"><img loading=\"lazy\" decoding=\"async\" width=\"1646\" height=\"1805\" class=\"gb-image gb-image-daf3dd39\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/09\/4b5722b6-girlone.png\" alt=\"\" srcset=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/09\/4b5722b6-girlone.png 1646w, \/cdn-cgi\/image\/width=1401,height=1536,fit=crop,quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/09\/4b5722b6-girlone.png 1401w\" sizes=\"auto, (max-width: 1646px) 100vw, 1646px\" \/><\/figure>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Storing_sensitive_data_in_the_cloud\"><\/span>Storing sensitive data in the cloud<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2023\/02\/Statistics-Template-62.png\" alt=\"cloud security statistics\" class=\"wp-image-25014\"\/><\/figure>\n<\/div>\n\n\n<ol class=\"wp-block-list\">\n<li>In 2022, 62% of the cloud computing market was shared by three public cloud providers. AWS holds 33% of the market, Microsoft Azure follows at 21%, and Google Cloud Platform or GCP has an 8% share.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">With the growing dependency on clouds, concerns intensify regarding the security and privacy of the data stored in the cloud and in transit to and from the cloud. The security concerns are further elevated by the growing popularity of <a href=\"https:\/\/www.timedoctor.com\/blog\/remote-workplace-trend\/\" target=\"_blank\" rel=\"noopener\">remote work<\/a> which reached its peak in the spring of 2020 owing to the pandemic.<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><a href=\"https:\/\/resources.idg.com\/download\/2020-cloud-computing-executive-summary-rl\" target=\"_blank\" rel=\"noopener\">92% of all organizations<\/a> already have some portion of their IT environment hosted in the cloud.<\/li>\n\n\n\n<li>The share of corporate data stored in the cloud in 2015 was 30% and in 2022 it was 60%. It goes on to show how quickly the cloud has replaced legacy data storage systems. By 2030 the cloud computing market will be worth $1.5 trillion.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">All this data is primarily stored in public and private clouds.<strong> <\/strong>Apart from these two, there are the multi-cloud and the hybrid cloud which are not types of cloud hosting services but strategies.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Some organizations distribute their assets and resources among multiple cloud-hosting platforms both private and public. They build a multi-cloud environment to avail more services, improve infrastructure, and reduce costs.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A hybrid cloud environment is quite similar to a multi-cloud except in this case an organization combines cloud services and on-premise hosting facilities to distribute their assets and operations.&nbsp;<\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>48% of all businesses have chosen to use the cloud to store classified data both encrypted and unencrypted.<\/li>\n\n\n\n<li>34% of workers say that they prefer working remotely and using the cloud on a regular basis, in fact, they think remote work can be a driver for a job switch.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The bring-your-own-device (BYOD) culture combined with the propensity among employees to work remotely has made cloud security all the more important.&nbsp;<\/p>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>46% of organizations use applications that are purpose-built for the cloud.<\/li>\n\n\n\n<li>54% of organizations have moved workloads from an on-premise environment.<\/li>\n\n\n\n<li>Among these companies, 52% faced difficulties during the migration.<\/li>\n\n\n\n<li>At 94.4% Google Drive is the most used cloud storage service globally (Cloudwards).<\/li>\n\n\n\n<li>According to Statista, 86% of enterprises face challenges managing data in multi-cloud environments.<\/li>\n\n\n\n<li>The cloud storage market was valued at 70.19 billion dollars in 2021 and was estimated to grow by  83.41 billion USD in 2022. (Statista)<\/li>\n\n\n\n<li>According to a survey by Thales involving 2800+ IT professionals, 19% of the respondents store more than 60% of their sensitive data in the cloud.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cloud_Security_Challenges\"><\/span>Cloud Security Challenges<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations operating in different verticals observe challenges pertaining to cloud security differently. For some, the most difficult part is migrating the workloads securely, for others it could be a shortcoming in privilege management or a lack of awareness among members.<\/p>\n\n\n\n<ol start=\"13\" class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.cloudwards.net\/cloud-computing-statistics\/#Sources\" target=\"_blank\" rel=\"noopener\">In a survey<\/a>, 75% of the responding businesses pointed to cloud security as their top concern.<\/li>\n<\/ol>\n\n\n\n<ol start=\"14\" class=\"wp-block-list\">\n<li>33% of respondents are extremely concerned, 42% are very concerned, and 25% are moderately concerned about cloud security.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The following stats show the most pressing concerns around cloud security according to cyber security experts.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide has-media-on-the-right is-stacked-on-mobile is-vertically-aligned-center has-background\" style=\"background-color:#e4f3fc;grid-template-columns:auto 35%\"><div class=\"wp-block-media-text__content\">\n<div class=\"wp-block-group\" style=\"padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p class=\"wp-block-paragraph\" style=\"font-size:36px;line-height:1.2\">52% of cybersecurity experts mention insecure APIs as a crucial cloud security concern.<\/p>\n<\/div><\/div>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/Statistics-Template-24.png\" alt=\"\" class=\"wp-image-23981 size-full\"\/><\/figure><\/div>\n\n\n\n<ol start=\"15\" class=\"wp-block-list\">\n<li>68% of the responding cyber security experts categorize misconfigured cloud infrastructure as a pressing concern.<\/li>\n<\/ol>\n\n\n\n<ol start=\"16\" class=\"wp-block-list\">\n<li>58% mention unauthorized access as a crucial challenge and a reason for concern.<\/li>\n<\/ol>\n\n\n\n<ol start=\"17\" class=\"wp-block-list\">\n<li>52% mention insecure APIs as a pressing cloud security concern.<\/li>\n<\/ol>\n\n\n\n<ol start=\"18\" class=\"wp-block-list\">\n<li>50% mention the hijacking of accounts, services, and traffic.<\/li>\n<\/ol>\n\n\n\n<ol start=\"19\" class=\"wp-block-list\">\n<li>43% of the participating experts categorize external data sharing as a major concern.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The cloud security challenges along with general cloud computing challenges differ across different sizes of companies.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<ol start=\"20\" class=\"wp-block-list\">\n<li>42% of enterprises struggle the most with data privacy and security.<\/li>\n<\/ol>\n\n\n\n<ol start=\"21\" class=\"wp-block-list\">\n<li>39% of large enterprises find compliance and governance difficult.<\/li>\n<\/ol>\n\n\n\n<ol start=\"22\" class=\"wp-block-list\">\n<li>37% of them struggle with controlling costs.<\/li>\n<\/ol>\n\n\n\n<ol start=\"23\" class=\"wp-block-list\">\n<li>For 31% of large businesses securing cloud assets and resources is a major challenge.<\/li>\n<\/ol>\n\n\n\n<ol start=\"24\" class=\"wp-block-list\">\n<li>The lack of cloud security skills and expertise is a major challenge for 30% of enterprises.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Small and mid-size businesses have similar challenges but the numbers differ quite a bit.&nbsp;<\/p>\n\n\n\n<ol start=\"25\" class=\"wp-block-list\">\n<li>43% SMBs rank controlling costs as their biggest challenge.<\/li>\n<\/ol>\n\n\n\n<ol start=\"26\" class=\"wp-block-list\">\n<li>36% rank data security and privacy in the cloud as their top concern.<\/li>\n<\/ol>\n\n\n\n<ol start=\"27\" class=\"wp-block-list\">\n<li>For 28% of SMBs migrating assets and workloads to the cloud securely is the biggest challenge.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">If we isolate the cloud security concerns and keep general cloud computing challenges out of consideration, numbers change.<\/p>\n\n\n\n<ol start=\"28\" class=\"wp-block-list\">\n<li>Data loss and leakage worry 69% of companies.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"29\" class=\"wp-block-list\">\n<li>Data privacy and confidentiality concerns 66% of companies.<\/li>\n<\/ol>\n\n\n\n<ol start=\"30\" class=\"wp-block-list\">\n<li>For 44% of companies, accidental exposure is a massive concern.<\/li>\n<\/ol>\n\n\n\n<ol start=\"31\" class=\"wp-block-list\">\n<li>Data breaches are the main concern for 26% of companies.<\/li>\n<\/ol>\n\n\n\n<ol start=\"32\" class=\"wp-block-list\">\n<li>93% of organizations are worried about human error causing accidental exposure.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Different kinds of security threats are accompanied by the risk of data breaches. It is a situation no application owner or customer wants to go through but data breaches in the cloud are as real as they get.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cloud providers like AWS and GCP have their own set of security protocols in place. Cloud providers are usually responsible for securing the infrastructure and the operating systems. The users are in charge of encryption and access control among other things.&nbsp;&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/cyber-security-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/cyber-security-statistics.jpg\" alt=\"cyber security statistics\" class=\"wp-image-24299\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/cyber-crime-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/cybercrime-statistics.jpg\" alt=\"cybercrime statistics\" class=\"wp-image-24300\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/data-breach-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/data-breach-statistics.jpg\" alt=\"data breach statistics\" class=\"wp-image-24301\"\/><\/a><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/healthcare-data-breach-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/healthcare-data-breaches-statistics.jpg\" alt=\"healthcare data breaches statistics\" class=\"wp-image-24302\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/phishing-attack-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/phishing-statistics.jpg\" alt=\"phishing statistics\" class=\"wp-image-24303\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/ransomware-attack-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/ransomware-attack-statistics.jpg\" alt=\"ransomware attack statistics\" class=\"wp-image-24304\"\/><\/a><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/small-business-cyber-attack-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/Small-business-cyber-security-statistics.jpg\" alt=\"Small business cyber security statistics\" class=\"wp-image-24305\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/third-party-data-breach-statistics\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/3rd-party-data-breaches.jpg\" alt=\"3rd party data breaches\" class=\"wp-image-24297\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/cyber-insurance-claims-statistics\/\"><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"675\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2022\/12\/cyber-insurance-claims-statistics.jpg\" alt=\"cyber insurance claims statistics\" class=\"wp-image-24298\"\/><\/a><\/figure>\n<\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cloud_Security_Breaches\"><\/span>Cloud Security Breaches<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2023\/02\/Statistics-Template-63-1.png\" alt=\"\" class=\"wp-image-25015\" style=\"width:446px;height:446px\"\/><\/figure>\n<\/div>\n\n\n<ol start=\"33\" class=\"wp-block-list\">\n<li>88% of cloud data breaches are caused by human error.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The error can take many forms &#8211; falling prey to a phishing scam, using weak or repetitive passwords, granting more access than required, and sometimes conscious misuse of privilege.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although the number of data breaches has gone down since 2021 a lot of companies and individuals are still at risk of cloud breaches.<\/p>\n\n\n\n<ol start=\"34\" class=\"wp-block-list\">\n<li>Data breaches in 2022 are 7% lower than in 2021.<\/li>\n<\/ol>\n\n\n\n<ol start=\"35\" class=\"wp-block-list\">\n<li>In the last 18 months, <a href=\"https:\/\/l.ermetic.com\/wp-idc-survey-results?\" target=\"_blank\" rel=\"noopener\">79% of companies<\/a> have faced at least one cloud breach.<\/li>\n<\/ol>\n\n\n\n<ol start=\"36\" class=\"wp-block-list\">\n<li>43% of companies have reported more than 10 breaches in that same duration.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"37\" class=\"wp-block-list\">\n<li>The average cost of a breach in a hybrid cloud environment was $3.61 million.<\/li>\n<\/ol>\n\n\n\n<ol start=\"38\" class=\"wp-block-list\">\n<li>The cost of a breach in the case of public clouds was 28.3% more than that of hybrid clouds.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">It would be interesting to learn what in particular caused these data breaches. Let\u2019s see if the following stats can give us a clear picture.<\/p>\n\n\n\n<ol start=\"39\" class=\"wp-block-list\">\n<li>Phishing is responsible for around 25% of all data breaches.<\/li>\n<\/ol>\n\n\n\n<ol start=\"40\" class=\"wp-block-list\">\n<li>Interestingly, men are twice as prone to falling prey to phishing (34%) as women (17%)<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">A lot of data breaches are attributed to cloud misconfigurations. A large part of the companies that suffer from cloud misconfiguration-related data breaches is tech companies.<\/p>\n\n\n\n<ol start=\"41\" class=\"wp-block-list\">\n<li>41% of the victims of cloud-misconfiguration-related breaches are tech companies.<\/li>\n<\/ol>\n\n\n\n<ol start=\"42\" class=\"wp-block-list\">\n<li>Healthcare organizations follow at 20%<\/li>\n<\/ol>\n\n\n\n<ol start=\"43\" class=\"wp-block-list\">\n<li>10% of the victims are government agencies<\/li>\n<\/ol>\n\n\n\n<ol start=\"44\" class=\"wp-block-list\">\n<li>The hospitality and finance industries constitute 6% of the companies.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Access control and privilege management are two of the most concerning issues pertaining to cloud security. It is almost a trend to grant too much access to members. Lack of awareness and disregard for the dangers of unnecessary privileges combine to create a very volatile security environment.<\/p>\n\n\n\n<ol start=\"45\" class=\"wp-block-list\">\n<li>Compromised privileged accounts are held responsible for <a href=\"https:\/\/www.idsalliance.org\/press-release\/new-study-reveals-only-49-of-organizations-proactively-invest-in-identity-protection-prior-to-a-security-incident\/\" data-type=\"link\" data-id=\"https:\/\/www.idsalliance.org\/press-release\/new-study-reveals-only-49-of-organizations-proactively-invest-in-identity-protection-prior-to-a-security-incident\/\" target=\"_blank\" rel=\"noopener\">34<\/a><a href=\"https:\/\/www.idsalliance.org\/press-release\/new-study-reveals-only-49-of-organizations-proactively-invest-in-identity-protection-prior-to-a-security-incident\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">% of all identity-related breaches<\/a> in the last two years.<\/li>\n<\/ol>\n\n\n\n<ol start=\"46\" class=\"wp-block-list\">\n<li>Believe it or not, 90% of cloud identities are currently using less than 5% of the permissions granted to them.<\/li>\n<\/ol>\n\n\n\n<ol start=\"47\" class=\"wp-block-list\">\n<li>Only 38% of organizations use multi-factor authentication for securing privileged accounts.<\/li>\n<\/ol>\n\n\n\n<ol start=\"48\" class=\"wp-block-list\">\n<li>32% of companies have had issues with the wrong users having privileged access.<\/li>\n<\/ol>\n\n\n\n<ol start=\"49\" class=\"wp-block-list\">\n<li>25% of companies have experienced problems with unauthorized users.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Encrypting_Data_in_the_Cloud\"><\/span>Encrypting Data in the Cloud<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As we had discussed earlier, cloud security is maintained through a shared responsibility model where the cloud provider secures the OS and the infrastructure and the user is liable for securing the data. Encryption plays a huge role in securing data.<\/p>\n\n\n\n<ol start=\"50\" class=\"wp-block-list\">\n<li>Only 21% of organizations have encrypted more than 60% of their data in the cloud.<\/li>\n<\/ol>\n\n\n\n<ol start=\"51\" class=\"wp-block-list\">\n<li>&nbsp;<a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/Gated-Assets\/white-papers\/sophos-the-state-of-ransomware-2020-wp.pdf\" target=\"_blank\" rel=\"noopener\">59% of ransomware incidents<\/a> where the data is successfully encrypted involve data in the public cloud.<\/li>\n<\/ol>\n\n\n\n<ol start=\"52\" class=\"wp-block-list\">\n<li>The way data is encrypted in the cloud is driven by infrastructure and architecture for 46% of companies and by compliance regulations for 38% of companies.<\/li>\n<\/ol>\n\n\n\n<ol start=\"53\" class=\"wp-block-list\">\n<li>55% of companies use more than 5 solutions to manage encryption keys whereas only 12% use 1 or 2.&nbsp;&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Zero_Trust_Approach_in_the_Cloud\"><\/span>The Zero Trust Approach in the Cloud<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Zero Trust as a concept is most readily associated with Network Security where the internal and external networks are separated by a firewall and the concept of trust is rejected. A similar approach is being widely considered and, in some cases, implemented in the cloud environment.<\/p>\n\n\n\n<ol start=\"54\" class=\"wp-block-list\">\n<li>80% of enterprises said they are considering, evaluating, or deploying zero trust plans.<\/li>\n<\/ol>\n\n\n\n<ol start=\"55\" class=\"wp-block-list\">\n<li>Zero Trust concepts are greatly influencing the cloud strategies of 30% of companies while some zero trust concepts are being used by 48% of companies.<\/li>\n<\/ol>\n\n\n\n<ol start=\"56\" class=\"wp-block-list\">\n<li>22% of companies said their cloud strategy is unaffected by zero trust concepts.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Regular security evaluations play a vital part in zero trust plans and in cloud security maintenance in general.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cloud_Security_Evaluation\"><\/span>Cloud Security Evaluation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-media-text alignwide has-media-on-the-right is-stacked-on-mobile is-vertically-aligned-center has-background\" style=\"background-color:#e4f3fc;grid-template-columns:auto 35%\"><div class=\"wp-block-media-text__content\">\n<div class=\"wp-block-group\" style=\"padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p class=\"wp-block-paragraph\" style=\"font-size:36px;line-height:1.2\">22% of companies still assess cloud security manually.<\/p>\n<\/div><\/div>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2023\/02\/Statistics-Template-66.png\" alt=\"\" class=\"wp-image-25020 size-full\"\/><\/figure><\/div>\n\n\n\n<ol start=\"57\" class=\"wp-block-list\">\n<li>Only 20% of organizations conduct real-time cloud security posture evaluation and a similar number of companies engage in weekly evaluations.<\/li>\n<\/ol>\n\n\n\n<ol start=\"58\" class=\"wp-block-list\">\n<li>58% of companies assess their security posture once a month or less frequently.<\/li>\n<\/ol>\n\n\n\n<ol start=\"59\" class=\"wp-block-list\">\n<li>22% of companies are still assessing cloud security manually.<\/li>\n<\/ol>\n\n\n\n<ol start=\"60\" class=\"wp-block-list\">\n<li>79% of companies are looking for a more integrated and comprehensive cloud security assessment process.&nbsp;&nbsp;&nbsp;&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Security assessments contribute directly to the prospect of gaining compliance with security standards. The following cloud security stats will help you understand the state of audit readiness among businesses across the world.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cloud_security_audits\"><\/span>Cloud security audits<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol start=\"61\" class=\"wp-block-list\">\n<li>In a survey involving companies from the Asia Pacific region, 43% of respondents admitted having failed an audit in the past.<\/li>\n<\/ol>\n\n\n\n<ol start=\"62\" class=\"wp-block-list\">\n<li>Hongkong (50%) and India (49%) had the highest number of audit failures in 2022.<\/li>\n<\/ol>\n\n\n\n<ol start=\"63\" class=\"wp-block-list\">\n<li>South Korea (39%) has had the lowest number of audit failures.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Wrapping_Up\"><\/span>Wrapping Up<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Compliance violations, data breaches, violation of agreements with the cloud provider, misconfigurations, there are a bunch of ways that can lead you to a cloud security failure. But a lack of awareness and resultant human errors seem to be the most common culprit. It&#8217;s important to educate your teams, integrate security practices with business processes and perform regular <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/application-security-testing-tools\/\" data-type=\"post\" data-id=\"19919\">security testing<\/a>.<\/p>\n\n\n\n<style>\n.ctaSaasCheckWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2025\/08\/0737b9ac-deepblue-bg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: 275px;\n  border-radius: 10px;\n  margin: 20px 0px;\n}\n.pentestHeadingDB{\n  color: #fff;\n  font-size: 24px;\n  font-weight: 600;\n  max-width: 450px;\n}\n.ctaSaasCheckWrapHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n.ctaOneDB {\n    display: flex;\n  align-items: center;\n  padding: 1rem 1.5rem;\n  border-radius: 12px;\n  background-color: #FCBB2F;\n  text-decoration: none;\n  grid-gap: .5rem;\n  color: #000!important;\n  font-size: 18px;\n  font-weight: 500;\n  min-height: 3.75rem;\n  max-height: 3.75rem;\n  box-shadow: 0 4px 4px #00000014, 0 0 0 1px #C08E24, inset 0 -4px #0000003d;\n}\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #FFFFFF !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n.ctaSaasCheckWrapImg{\n  position: absolute;\n  bottom: 0px;\n  right: 10px;\n  height: 250px;\n  width: 240px;\n}\n@media(max-width: 768px){\n}\n@media(max-width: 576px){\n   .pentestHeading{\n      font-size: 28px;\n    }\n   .ctaSaasCheckWrapImg{\n     display: none;\n   }\n}\n<\/style>\n\n<div class=\"ctaSaasCheckWrap\">\n<p class=\"pentestHeadingDB\">One scan. Total cloud visibility.<\/p>\n<p style=\"color: #fff;\">Agentless vulnerability scanning across multiple clouds.<\/p>\n<div class=\"ctaSaasCheckWrapHead\">\n  <a class=\"ctaOneDB\" href=\"\/contact-us\">Learn More<\/a>\n<\/div>\n<img decoding=\"async\" class=\"ctaSaasCheckWrapImg\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/96ad3cf0-girlcta.png\" alt=\"character\" \/>\n\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>We have adopted the cloud rather quickly. We\u2019ve migrated our workloads in a haste at times, and we&#8217;ve developed cloud-native applications and adapted to a cloud-first business approach.&nbsp; Security, somehow, gets left behind amidst all the movement. One reason for that may be the want for concrete, tangible, consolidated information on cloud security.&nbsp; Stats work &#8230; <a title=\"68 Cloud Security Statistics to Be Aware of in 2026\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/cloud\/cloud-security-statistics\/\" aria-label=\"Read more about 68 Cloud Security Statistics to Be Aware of in 2026\">Read more<\/a><\/p>\n","protected":false},"author":103,"featured_media":25011,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[704],"tags":[],"class_list":["post-24944","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/24944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/103"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=24944"}],"version-history":[{"count":14,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/24944\/revisions"}],"predecessor-version":[{"id":44441,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/24944\/revisions\/44441"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/25011"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=24944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=24944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=24944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}