Proofpoint: cloud account compromises cost organisations over US$6mn annually

Over two-thirds of surveyed IT professionals believe cloud account takeovers are a significant risk to their organisations.

Proofpoint, a leading cybersecurity and compliance company, and Ponemon Institute, a top IT security research organisation, has released the results of a new study on “The Cost of Cloud Compromise and Shadow IT.” The average cost of cloud account compromises reached US$6.2mn over a 12-month period, according to over 600 IT and IT security professionals in the US. In addition, 68% of these survey respondents believe cloud account takeovers present a significant security risk to their organisations, with more than half indicating the frequency and severity of cloud account compromises has increased over the last 12 months.

“This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly,”said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.“Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually.”

Only 44% of survey respondents believe their organisations have established clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud. Risks are also magnified as fewer than 40% of respondents say their organizations are vigilant in conducting cloud app assessments before deployment.

Additional key survey findings include:

  • Cloud account compromises are costly incidents and present a significant security risk. According to 86% of respondents, the annual cost of cloud account compromises is over $500,000. Survey respondents also reported 64 cloud account compromises per year on average, with 30% exposing sensitive data. Nearly 60 percent of respondents indicated Microsoft 365 and Google Workspace accounts are heavily targeted by brute force and phishing-based cloud attacks. Overall, over 50% of respondents say phishing is the most frequent method attackers use to acquire legitimate cloud credentials.
  • Shadow IT is creating substantial risks for organisations. Seventy-five percent of respondents say their use of cloud apps and services without the approval of IT is a serious security risk. Additional practices also increased risks, including moving to the cloud and mobile workforce (72%) and cloud-based collaboration and messaging tools for sharing sensitive or confidential files (70%).
  • Strong authentication and adaptive access controls are essential in securing admission to cloud resources. Over 70% of respondents supported multiple identity federation standards, including SAML, and controlling strong authentication before accessing data and applications in the cloud. 61% agreed adaptive access controls to protect users most at risk are essential.

READ MORE:

“SaaS security simply cannot be an afterthought given the high cost of cloud account compromise and today’s heightened hybrid working environment. The move to the cloud and increased collaboration requires a people-centric security strategy backed by a cloud access security broker (CASB) solution that is integrated with a larger cloud, email, and endpoint security portfolio,” said Tim Choi, vice president of Product Marketing for Proofpoint. “Such an approach effectively addresses concerns like cloud account compromise, unauthorized access to cloud data, and cloud application governance. Organizations need clearly defined roles, established accountability, and a CASB solution that can be operationalized in hours—not weeks.”

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Luke Conrad

Technology & Marketing Enthusiast

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...