Home PC News Proofpoint: Compromised cloud accounts cost organizations over $6M

Proofpoint: Compromised cloud accounts cost organizations over $6M

Elevate your enterprise data technology and strategy at Transform 2021.

The average cost of cloud account compromises reached $6.2 million over a 12-month period, Proofpoint, a cybersecurity and compliance company, said in its latest The Cost of Cloud Compromise and Shadow IT report.

Cloud compromise and shadow IT report

Above: Very little corporate data in the cloud is controlled by IT.

Image Credit: Proofpoint

In a survey of 600 IT and IT security professionals in the U.S., 75% of respondents said shadow IT — use of cloud applications and services without the approval (or knowledge) of IT — is creating substantial risks for their organizations. While some respondents were confident — 24% very confident and 30% confident — users were using IT-approved cloud services and applications for file-sharing and collaboration tools, only 40% believed their organizations knew all the cloud cloud computing applications, platforms, and infrastructure services that their users were using.

An average of 42% of corporate data is stored in the cloud, but only an average of 27% of corporate data is stored in IT-controlled cloud environment. The majority of corporate data — 67% — is stored in cloud services deployed by departments other than corporate IT.

Protecting cloud data remains a challenge, as 68% called cloud account takeovers a significant risk to their organizations. More than half indicated the frequency and severity of these breaches has increased over the past year. Only 44% of survey respondents believe their organizations have established clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud. Fewer than 40% said their organizations were vigilant about conducting cloud app assessments before deployment.

Compromised cloud accounts are costly incidents and should drive organizations to invest in technologies, in-house expertise and user training and awareness programs. The costs include hours spent by staff responding to the incident, application downtime, business process workarounds, fines, legal fees, consultants/lawyers, MSSPs, notification of individuals and business partners affected by the exposure of their confidential information, and loss of customers and business relationships due to reputational damage.

On average, respondents reported 64 cloud account compromises per year, with 30% exposing sensitive data. The average annual IT budget in the organizations represented in this research was $167 million. An average of 22 percent, or $36.8 million, was allocated towards securing cloud-based resources. An average of six IT security personnel would be involved addressing compromised cloud accounts, with the IT security team spending an average of 14,184 hours annually to deal with these breaches.

Microsoft 365 and Google Workspace accounts are heavily targeted by brute force and phishing-based cloud attacks. In a year, organizations experience an average of 138 hours of application downtime.

Read Proofpoint’s full The Cost of Cloud Compromise and Shadow IT.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Most Popular

Recent Comments