Data Breaches and the Multiplier Effect of Cloud Services
Blog Article Published: 09/17/2014
By Eduard Meelhuysen, Managing Director, EMEA, Netskope We have had a number of conversations lately with our customers and partners about cloud security, with a particular focus on data protection in light of a growing number of data breaches. Against a backdrop of the iCloud hack and data breach revelations at major global corporations, the massive growth of cloud services is giving many IT and security professionals pause as they consider the impact that growth will have on data breaches in their organisations. The cloud introduces new dynamics in enterprise IT, including massive cloud app growth, much of it outside of the purview of IT; mobile access to cloud apps; and cloud-specific capabilities like sharing, which make it easy for content to get out of an enterprise’s control. Each of these dynamics could be considered a multiplier, or something that increases the probability of a data breach. To take the pulse of the market and quantify this idea, we asked the Ponemon Institute, a foremost expert in data breach research, to conduct a study on the topic. In support of our formal launch of Netskope in the Europe, Middle East, and Africa region, we are releasing “Data Breach: The Cloud Multiplier Effect.” The report pulls from a survey of 1,059 IT and security practitioners across Austria, Belgium, Denmark, France, Germany, Greece, Ireland, Italy, Netherlands, Poland, Russian Federation, Slovakia, Spain, Sweden, Switzerland and the United Kingdom, and measures not only the multiplier effect that cloud services have on the probability and economic impact of a data breach, but also takes stock of perceptions of cloud vendor enterprise-readiness. The report reveals several telling findings about the state of cloud security in EMEA, including:
- The presence of cloud services can increase the probability and economic impact of a data breach involving the loss or theft of customer information by as much as three times.
- A breach involving the loss or theft of 100,000 customer records would cost an organisation €13.6M, based on previously established cost metrics. Probability-adjusted, the expected economic impact comes to €1.63M. When asked about the increased use of cloud services, respondents projected a new probability that brought that estimate to nearly €5M.
- 85 percent of respondents don’t believe their cloud provider would notify them immediately if they had a data breach involving the loss or theft of their intellectual property or business confidential information.
- 77 percent of respondents fear their cloud service provider would not notify them immediately if they had a data breach involving the loss or theft of customer data.
- 57 percent of respondents believe their cloud service providers don’t use enabling security technologies to protect and secure sensitive and confidential information.
- 72 percent believe their cloud service providers aren’t in full compliance with privacy and data protection regulations and laws.