Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

The Biggest Cloud and Web Security Concerns Today

The Biggest Cloud and Web Security Concerns Today

Blog Article Published: 09/24/2022

Written by Megan Theimer, Content Program Specialist, CSA.

Cloud and Web Security Challenges in 2022 cover

With the continuation of remote work and newsworthy cyber attacks, organizations are struggling to adapt their overall security strategies to the changing landscape. To get a better understanding of the industry’s current attitudes regarding cloud and web security risks, Proofpoint commissioned CSA to develop the Cloud and Web Security Challenges in 2022 survey report.

This blog will cover the survey’s findings about organizations’ top cloud and web security concerns. To dive further into the results of the survey, make sure to check out the full survey report here.

Most concerning methods of attacks

When asked what is the most concerning method of attack that may target their organization, no single type of attack appeared to be of greater concern to the survey respondents. This indicates that organizations try to be vigilant when it comes to a wide array of attacks, including lateral movement (26%), command and control (26%), credential access (25%), privilege escalation (24%), discovery (24%), and persistence attacks (24%).

Most concerning cloud applications targeted in attacks

The types of cloud applications that organizations are most concerned about being attacked are applications that provide greater access to data. These applications are also used or accessible to most employees within an organization. The top two types of applications that organizations are most concerned about are email (36%) and authentication platforms (36%). Also of significant concern were cloud applications that provide access to the organization’s data, storage, and file sharing (35%); customer relationship management (33%); and enterprise business intelligence (30%).

Most concerning outcomes of cloud and web attacks

The outcomes organizations are most concerned about are consistent with the types of cloud apps they see as vulnerable. The top concern is the loss of sensitive data (47%), which is likely due to the reputational, financial, and legal implications that may result from such a loss.

The other top concerns have to do with the systems themselves. This includes loss of system access (37%), speaking to the previous concerns about access, and system sabotage (37%), echoing concerns about malware and ransomware.

Level of concern regarding security when collaborating with suppliers and partners

Respondents are concerned about security when collaborating with suppliers and partners. 81% of organizations report that they are moderately or highly concerned about this issue. This is consistent with recent attacks on US infrastructure and open-source solutions.

Top security concerns from partners and suppliers

Similar to the concerns around cloud and web attack outcomes, the top security concern with partners and suppliers is data loss (48%). Regardless of the type of attack, it appears that data loss, particularly sensitive data loss, is top of mind for many organizations. Authentication abuse (43%) is the second most concerning risk. These results further support the conclusion that organizations are most concerned about preventing access to data and the loss of data.


The results of the survey’s questions about cloud and web security concerns show that data loss is a top concern for organizations. Attackers frequently attempt to target personal or sensitive data that can be used for their financial gain, resulting in the loss of intellectual property, reputational damage, legal liability, and regulatory fines for businesses. It’s time to start putting protections in place to mitigate these concerns.

Now check out Cloud and Web Security Challenges in 2022 to review the rest of our findings, including the makeup of organizations’ security teams, the use and effectiveness of solutions for protecting against cloud and web threats, and the current state of cloud governance.

Share this content on your favorite social network today!