75+ Surprising Cloud Security Statistics You Should Know in 2024

How often do cloud security incidents occur? Who gets hit and why? What vulnerabilities arise from cloud computing, and how are they exploited? Up-to-date cloud security statistics can help you understand all of this. 

Most businesses—and a substantial proportion of individuals—now rely on at least one cloud service for accessing software, storing data, hosting infrastructure, or a combination of all these. This gives rise to specific risks that all cyber security professionals must be familiar with. 

We’ve been exploring the latest information on cloud trends, recent security breaches, threat types, and more. 

Read on for our comprehensive cloud security statistics roundup to help flesh out your understanding of one of the hottest current topics in cyber security management. 

Ready? Let’s go. 

Cloud Security Statistics Trends

Recent cloud computing security statistics demonstrate that attacks on cloud environments and applications are on the rise. This highlights the need for organizations to consider the likelihood of a cloud-related breach as a probability rather than a possibility. 

1. In 2023, 82% of data breaches involved data stored in the cloud.

2. According to CrowdStrike, total cloud environment intrusions increased by 75% from 2022 to 2023.

3. 98% of organizations have a relationship with a vendor that experienced a data breach within the last two years. 

4. 39% of businesses experienced a data breach in their cloud environment in 2023, up from 35% in 2022.

Cloud Adoption Statistics 

Why are cloud-related cyber attacks on the rise? It’s because many users are turning to the cloud to store data and workloads. 

It’s also because of the growth of on-demand, cloud-based models for distributing software and IT infrastructure, known as software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS). 

Total Volumes of Data in the Cloud 

5. More than 60% of the world’s corporate data is stored in the cloud. 

6. By 2025, 200 zettabytes of data will be stored in the cloud (a zettabyte equates to a billion terabytes). This will be 50% of the world’s total data, up from approximately 25% stored in the cloud in 2015.

IT Infrastructure in the Cloud 

7. 79% of businesses say they have multiple cloud service providers.

8. 90% of large enterprises have multi-cloud infrastructure, incorporating at least one shared and one private cloud element. 

9. 65% of companies now default to cloud-based services when upgrading or purchasing new technical capabilities.

10. Amazon is the biggest cloud provider, with a market share of approximately 31%.

Biggest Cloud Providers by Market Share (2024)

Provider                          Market Share
Amazon Web Services               31%
Microsoft (Azure)                 24%
Alphabet (Google Cloud Platform)  11%
Alibaba                           4%
Salesforce                        3%

Small Business Cloud Usage 

11. A 2022 survey showed that 78% of small and mid-size businesses (SMBs) use the cloud for at least some business applications and data. This represented a 56% increase from the same cloud user survey in 2019, conducted just before the pandemic. 

12. 44% of traditional small businesses use cloud infrastructure or hosting, compared to 66% of tech-based small businesses.

The Cloud and Personal Usage 

13. In 2020, an estimated 2.3 billion people were using personal cloud storage solutions, up from 1.1 billion in 2014.

14. Around 70% of people use cloud storage services to store photos.

15. Around 55% of personal users use at least three different services for cloud storage. 

16. Google Drive is the most popular personal cloud storage solution, used by 94% of users.

Figure 1: Most Used Cloud Storage Services

17. More than 50% of cloud storage consumers are concerned about privacy and data loss. Of those, fewer than half know the terms and conditions they agree with.

Software as a Service (SaaS) Usage Rates 

18. 65% of companies now default to cloud-based services when upgrading or purchasing new technical capabilities.

19. In 2023, 22% of IT leaders said that their enterprises utilized 51–100 SaaS applications, up from 16% in 2021. 

20. Half of all enterprise business users interact with between 11 and 33 cloud-based apps monthly. The top 1% of users interact with more than 96 apps per month.  

21. The most popular enterprise cloud apps are OneDrive, Google Drive, and SharePoint.

Figure 2: Top 20 Most Popular Apps (by percentage of users)

Cloud Security Threats and Targets

Cloud security risks are present across all sectors and geographical regions. By far, the majority of threat actors are motivated by financial gain.  

Cloud Security Threat Actors

22. 46% of business IT leaders say that external actors (e.g., hackers) pose the most considerable security risk to their cloud data.

Figure 3: Biggest Risks to Cloud Data Security

Cloud Security Target Sectors and Locations 

23. Europe experienced 46% of cloud-related security incidents in the year to June 2023. North America experienced 29% of incidents.

24. Telecommunications is the most frequently targeted sector in cloud attacks. In 2023, the sector was the target of 38% of all attacks.

25. Defense is the most common target for cloud attacks conducted by advanced persistent threat (APT) groups.

26. Healthcare is the sector most targeted by cloud-based ransomware attacks.

Figure 4: Cloud Attacks - Industry Targets

Threat Actor Motivations 

27. More than 4 in 5 cloud intrusions directly attributable to a threat actor in 2023 were financially motivated.

28. Credentials comprise 90% of cloud assets for sale on the dark web. 

29. In 2023, the average price for individual cloud credentials on the dark web was USD $10.68.

Cloud vs On-premise Infrastructure: Vulnerabilities Compared

30. On-premise infrastructure appears more vulnerable to cyber attacks than the cloud. In 2023, the most significant difference related to ransomware and other malware attacks. These were reported by nearly twice as many organizations with on-premise environments (37%) as opposed to cloud environments (19%).

Figure 5: Most Common Security Incidents - Cloud vs On-premise

Most Targeted Cloud Infrastructure Types

31. AWS environments are disproportionately more likely to be subject to security incidents than other cloud environments. 

32. Expel says that 96% of the incidents it responded to in 2023 occurred in AWS, with the other 4% split evenly between GCP and Azure—even though only half of its customers use AWS, around a third use Azure, and 17% use GCP.

33. 38% of IT leaders rank SaaS applications as the leading cloud-based target for hackers, followed by cloud-based storage (36%).  

Cloud Security Threat Categories and Attack Techniques 

The statistics show that threat actors are always ready and willing to exploit relatively basic misconfiguration errors and lax access controls. Once a criminal gets the right cloud credentials, it’s easy for them to do their stuff.  

Cloud Security Incident Categories 

34. Phishing remains the most common security incident in cloud infrastructure.

Figure 6: Most Common Security Incidents in the Cloud

Perception of Cloud Security Threats 

35. Misconfiguration of the cloud platform is considered the most significant security threat by professionals.

Threat type                                         % of security professionals who regard it as a threat
Misconfiguration of the cloud platform/wrong setup  59%
Exfiltration of sensitive data                      51%
Insecure interfaces/APIs                            51%
Unauthorized access                                 49%
Hijacking of accounts, services, or traffic         45%
External sharing of data                            39%
Malicious insiders                                  38%
Malware/ransomware                                  37%
Foreign state-sponsored attacks                     37%
Denial of service attacks                           31%
Cloud cryptojacking                                 21%
Theft of service                                    20%
Lost mobile devices                                 13%

Cloud Security and Misuse of Credentials 

36. The use of stolen credentials is the most common initial access vector in cloud security incidents, occurring in 36% of cases. 

37. IBM X-Force discovered plaintext credentials exposed on user endpoints in 33% of security investigation engagements involving cloud environments. 

38. In 2023, 39% of businesses with cloud environments reported a user/admin account compromise incident, compared to 31% in 2022.

Phishing and Cloud Security 

39. Phishing is the initial access vector in 14% of cloud-related incidents.

40. Phishing is the most common security incident in the cloud. 58% of businesses with cloud environments reported a phishing incident in 2023. This was down from 73% of businesses in 2022. 

41. 17% of phishing targets in 2023 were cloud apps.

Figure 7: Top Phishing Targets by Links Clicked

CVEs and Cloud Security 

42. In the year to June 2023, the IBM X-Force team tracked 632 new cloud-related common vulnerabilities and exposures (CVEs), a 194% increase from the previous year.

43. According to IBM X-Force data, the number of known cloud vulnerabilities doubled between 2019 and 2023, from around 1,700 to around 3,900.

Figure 8: Growth of Cloud Vulnerabilities by Year

44. Among internet-facing services hosted in public clouds, 11% of exposed hosts were found to contain high or critical vulnerabilities. 71% of these exposed vulnerabilities were at least two years old.  

Malware Attacks and Cloud Security 

45. In 2023, 8 out of every 10,000 enterprise users downloaded an average of 11 Trojans per month. Based on this, an organization with 10,000 users would have an average of 132 Trojans downloaded by users on their network. 

46. In 2023, the percentage of HTTP and HTTPS malware downloads originating from cloud-based SaaS apps was consistently above 50%.

47. OneDrive is the app where malware downloads are most frequently detected. Reasons include that two-thirds of enterprise users regularly use it and that adversaries can easily create their own OneDrive accounts for malware hosting and sharing.

Figure 9: Top Apps Where Malware Was Detected

Cloud Security Challenges 

Especially in an IT environment comprising multiple cloud providers, there are many “moving parts” to track, thereby introducing added complexity to security management. Cloud environments demand specific expertise, and the statistics show that businesses struggle to bring the right skills on board. 

Management Challenges 

48. 95% of organizations are moderately to extremely concerned about cloud security.

Figure 10: Levels of Concern About Cloud Security

49. 55% of IT leaders say managing data in the cloud is more complex than in on-premise environments. 

50. In 2024, 47% of enterprises named “cloud-related threats” as one of their top three cyber security concerns.

51. Just 53% of organizations are satisfied with their existing cloud security capabilities. 

52. 82% of companies report an expanding gap between the number of cloud exposures and their ability to manage them. 

Cloud Skills Shortages and Workforce Challenges

53. 43% of cyber security professionals cite a lack of qualified staff as the biggest challenge when protecting cloud workloads.

Figure 11: Biggest Cloud Challenges for Business

54. In multi-cloud environments incorporating multiple solutions, 58% of cyber security professionals say that “having the right skills” is the biggest security challenge. 

55. Fortinet found that cloud security currently tops the list of the most needed cyber security skills and is also the hardest role for organizations to fill.

Figure 12: Most Needed Cyber Security Skills

56. A study by ISC2 also shows cloud security as the most requested and in-demand skill.

Figure 13: Most In-Demand Skills and Specialisms for 2024

Cloud Security Solutions and Threat Mitigation 

Too often, sensitive data is left exposed across cloud platforms. Cyber security professionals need to take special care to ensure that the tools they have in place deliver adequate visibility across their environments and help reduce the likelihood of exposure through human error. 

Budgeting, Strategy, and Task Management  

57. Only 41% of organizations have implemented zero trust controls in their cloud environments. 

58. Human error is reported as the leading cause of cloud security breaches by over half (55%) of businesses. 

59. In 2023, 60% of cyber security professionals expected their cloud security budget to increase over the coming 12 months.

60. Around half of organizations have separate processes for managing on-prem and hybrid cloud environments, suggesting a siloed approach, which may leave gaps in defense mechanisms. 

61. Only 23% of organizations report complete visibility of their cloud environments. 

62. 61% of organizations with cloud infrastructure use 3–6 different threat detection tools.

63. About 75% of organizations have security teams spending over 20% of their time performing manual tasks when addressing cloud security alerts. 

Sensitive Data, Access, and Encryption  

64. Only 45% of data stored on the cloud is encrypted.

65. Palo Alto Networks discovered that sensitive data existed in 66% of cloud storage buckets and 63% of publicly exposed storage buckets.

66. 76% of organizations do not enforce multi-factor authentication (MFA) for console users in cloud environments. 58% of organizations do not enforce MFA for root/admin users.

67. Just 14% of IT leaders say they control all the keys to their encrypted data in the cloud. 62% say they have five or more key management systems in play, causing added complexity in security management.

68. In 2023, 51% of cloud compromises affecting Google Cloud customers were attributed to weak or no passwords. 17% of compromises were linked to misconfiguration.

Figure 15: 2023 Cloud Compromises - Impact

Response Times and Impact of Cloud Security Incidents

69. On average, it takes 145 hours (approximately six days) for a cloud security alert to be resolved.

70. 18% of organizations take more than four days to address critical cloud vulnerabilities.

71. Over half of the vulnerabilities addressed by cloud-based organizations tend to recur within a month of initial remediation. 

72. According to IBM, the global average data breach cost in 2023 was $4.45 million - 15% more than in 2020. 

73. For companies with an annual turnover of less than $10 million, the average recovery cost following a ransomware attack is $165,520.

74. Data breaches in hybrid cloud environments cost, on average, USD $440,000 less than public, private cloud, and on-premise models. 

New and Emerging Threats 

75. The proportion of businesses with cloud environments reporting a supply chain compromise in the last year increased from 6% in 2020 to 17% in 2023.

76. Cryptomining—where criminals use a victim’s cloud processing power to mine for cryptocurrency—was observed by Google in two-thirds of cloud compromises in 2023.

Figure 14: 2023 Cloud Compromises - Initial Access

Recent Cloud Security Breaches 

Below are some more recent and shocking cloud breaches.

The Verkada Camera Hack 

This incident shows just how easy it is for threat actors to take advantage of weak access controls. With a username and password they found on the internet, hackers managed to gain super admin-level access to this cloud-based security camera provider's entire network—including root access to the cameras themselves. 

The 2023 Toyota Hack 

This hack is a reminder that not even the world’s biggest companies are immune to simple misconfiguration errors. It also demonstrates how long it can take for errors to be identified. In this case, data relating to hundreds of thousands of customers was potentially accessible externally for more than eight years.

Microsoft Cloud Email Breach 

This high-profile breach of Microsoft cloud email accounts belonging to multiple US government agencies was linked to the compromise of a corporate account belonging to a Microsoft engineer.

Conclusion 

Threat actors always hone their tactics in response to the behavior of their potential victims. 

So it’s hardly surprising that as businesses and individuals have shifted to the cloud, the number of attacks targeting cloud software, infrastructure, and platforms has increased.

It’s not the case that the cloud is inherently less safe than on-premise infrastructure. It does, however, demand specific knowledge—especially if you want to cut out entirely avoidable misconfiguration and access control errors. 

You need to understand the environment you are seeking to protect, which is why cloud-specific knowledge is so sought after by employers.

If you want to develop cloud security skills to protect your business or become a cloud security professional, consider becoming a StationX Member.

With access to over 1,000 courses and labs, as well as certification roadmaps, unlimited mentorship, and access to an active community of students and professionals, it’s the best way to accelerate your cyber security career.

  • Gary Smith

    Gary spends much of his working day thinking and writing about professional and personal development, as well as trends and best practice in IT recruitment from both an organizational and employee perspective. With a background in regulatory risk, he has a special interest in cyber threats, data protection, and strategies for reducing the global cyber skills gap.
