100+ Cloud Security Statistics for 2025

The year 2024 will be remembered as one of the worst for data breaches. Their scale and the damage they inflicted have highlighted just what can happen when cloud security is weak. From the Change Healthcare attack that impacted at least 100 million people to the Ticketmaster data security incident that affected more than 40 million users, the repercussions of a breach can be both severe and long-lasting. 

In this article, we present key figures related to cloud security in 2025. Before we look in more detail at cloud security and what can happen when it has gaps, here are some statistics that really caught our attention:

• Cloud security incidents have affected 80% of companies in the past year.
• More than 60% of organizations experienced security incidents related to public cloud usage in 2024.
• 88% of all data breaches result from human error. 
• In 2024, phishing was the most prevalent cloud security breach, affecting 73% of organizations.
• Preventing cloud misconfigurations was the top security priority for over half of companies in 2023.
• 72% of security professionals surveyed reported underlying infrastructure compromise as a key concern.

Cloud security breaches are an unfortunate fact of life across the globe. As cloud adoption continues to accelerate and so much of life is conducted online, malicious actors are redoubling their efforts to exploit vulnerabilities.

• In the past year, 80% of companies have been subject to cloud security breaches. 
• 27% of organizations experienced a public cloud security incident last year, an increase of 10% from the previous year.
• In the fourth quarter of 2023, 8 million-plus records were exposed worldwide.
• 96% of organizations worldwide have had problems with their cloud strategies.
• 45% of organizations reported dealing with four or more cloud-related security incidents over the last year.
• In 2022, 62% of organizations reported they were either somewhat or highly likely to experience a cloud data breach in the next year.
• The most prevalent cloud-related security incidents experienced are: 
  • security incidents during runtime (34%)
  • unauthorized access (33%)
  • misconfigurations (32%)
  • unremediated major vulnerabilities (24%)
  • a failed audit (19%)
  • The public sector (88%) and startups (89%) were main victims of cloud security breaches in 2023.
  • Cloud environment breaches overall increased by 75% between 2022 and 2023.

Even the biggest organizations and most famous names are not immune to security breaches. Here are some of the most high-profile recent breaches: 

• In early 2024, National Public Data was subject to a breach that allegedly exposed up to 2.9 billion records containing the highly sensitive personal data of up to 170 million people in the United States, the U.K., and Canada.
• The 2024 ransomware attack on Change Healthcare affected at least 100 million people.
• In May 2024, Dell’s systems experienced a brute force attack that exposed 49 million records.
• Toyota exposed 260,000 customers’ data in June 2023 when it misconfigured a cloud environment.
• Hackers who infiltrated AT&T’s systems compromised the personal data of 73 million current and former customers.
• In December 2023, the Real Estate Wealth Network leaked 1.5 billion records.

Moving to the cloud introduces a new set of constantly evolving challenges for organizations. Chief among those is security, with companies accustomed to operating with on-premises computing having to adapt to new security and compliance requirements when they migrate to the cloud.

• The primary operational and security worries relating to cloud migration reported by IT and security professionals are: 
  • hijacking of accounts, services, or traffic (35%)
  • malware/ransomware (31%)
  • privacy/data access issues including GDPR (31%)
  • unauthorized access (28%)
  • nation-state attacks (26%)
• The main security concerns about running applications in the public cloud are:
  • losing sensitive data (64%)
  • misconfiguration and improper security settings (51%)
  • unauthorized access (51%)
• Rapidly accelerating software development cycles create problems including: 
  • inadequate visibility and control within the development process for security teams(35%)
  • software being released without undergoing security checks or testing (34%)
  • inconsistent security processes among different development teams (33%)
  • developers overlooking security processes to deliver on time (33%)
  • new builds deployed to production with security issues such as misconfigurations and vulnerabilities (31%)
• 40% of IT and security professionals report that security is prioritized and strictly enforced during implementation and development.
• 2% of IT and security professionals claim that other teams never consult the security organization 
• The biggest security challenges in DevOps are:
  • secrets management (56%)
  • workforce Identity and Access Management (IAM) (52%)
  • successfully completing security sprints in a Scrum framework (45%)
• 96% of respondents surveyed are concerned about their capacity to manage security risks, highlighting the significant pressure on scarce resources.
• 41% of those surveyed cite their biggest concern as the lack of security awareness among employees. 
• 36% of survey participants cited poor integration and interoperability between security solutions as a significant challenge.
• 76% of survey respondents highlighted a shortage of skilled cybersecurity professionals.
• 91% of participants surveyed view AI as a priority for their cybersecurity strategies. 
• One of the main challenges facing cybersecurity operations is the huge volume of security alerts they receive daily, with 40% of organizations receiving more than 40 daily alerts. 
• 54% of survey respondents have problems managing compliance and cloud governance across diverse environments. 
• 49% struggle with integrating cloud services into legacy systems.
• 72% of security professionals cite underlying infrastructure compromise as a key concern.

Maintaining robust cloud security involves multiple interconnected elements. From ensuring your organization has the requisite skills to safeguard security to integrating cloud services into legacy systems, preventing cloud attacks is a complex undertaking — as the results of a survey of IT professionals reveal. 

• 45% of respondents claim that cloud security takes up a lot of engineering resources.
• Poor training and collaboration cause problems for 77% of respondents.
• Cloud-native approaches increase complexity for 41% of those surveyed.
• 54% have problems maintaining consistent regulatory standards and ensuring compliance across hybrid or multi-cloud environments.
• 49% find it challenging to integrate new cloud services into their existing legacy systems.
• 71% are experiencing a lack of skilled cybersecurity professionals for cloud security.
• 91% of respondents are worried about their security systems’ ability to manage zero-day attacks and unidentified risks and threats.
• Deployment delays caused by cloud API security concerns have affected 70% of financial services and insurance companies.
• 50% are significantly concerned about the hijacking of cloud accounts, services, and traffic.
• 44% of all corporate data exfiltration attempts originate from personal cloud apps.
• 88% of government agencies view cloud misconfiguration as a top security concern.
• 70% of CIOs believe cloud technologies reduce their level of control.
• 58% of organizations believe their current SaaS security solutions apply to at most half of their SaaS applications.
• 7% of organizations have no SaaS security monitoring.
• More than 7% of storage services containing sensitive data can be accessed publicly.

Malicious actors focus their efforts on three main areas:

• SaaS applications (31%)
• Cloud storage (30%)
• Cloud management infrastructure (26%)

Cloud security breaches are a serious financial headache. Breaches that are not identified and contained immediately will cost even more to remediate. The number of records exposed in a breach also affects the eventual cost.

• The average cost of a security incident rose 10% between 2019 and 2021, to $4.24 million.
• 86% of IT leaders revealed that cloud account hijacking incidents had generated financial losses exceeding $500,000.
• 33% of companies surveyed named cloud security as their top spending priority.

Preventing and containing cloud security breaches is big business. As cyberattacks become more sophisticated and cloud architecture becomes more complex, cloud security has to advance to meet the new challenges. 

• Valued at $20.54 billion in 2022, the global cloud security market is forecast to reach $148.3 billion by 2032.
• The global security market leaders are IBM (21% market share), Microsoft (16%), and Rapid7 (10%).
• Major enterprises make up 79% of the cloud security market.
• The value of the worldwide Cloud Security Posture Management (CSPM) market is expected to reach $15.6 billion by 2033, with a CAGR of 12.3% from 2023 to 2033.
• The cloud database security market is projected to grow 5X between 2022 ($10.13 billion) and 2029 (around $50 billion).
• Spending on cloud security has soared from $595 million in 2020 to more than $5.6 billion in 2023
• Cloud security spending is projected to reach almost $7 billion this year.
• The global cloud security software market is predicted to grow in value from $29.5 billion in 2020 to about $37 billion by 2026.

Where are the threats to cloud security coming from? Cyberattacks and technology may be growing in sophistication, but mistakes made by humans remain the top cause of data breaches overall and cloud security breaches specifically.

• Human error is responsible for 88% of all data breaches.
• When it comes to cloud security breaches, the primary root causes are:
  • misconfiguration or human error (31%)
  • exploitation of known vulnerabilities (28%)
  • exploitation of zero-day vulnerabilities (24%) 
  • failure to use Multi-Factor Authentication (MFA) for privileged accounts (17%)
• 35% of security professionals cite inadequate visibility and control during development as contributors to risks in the cloud.
• 31% of professionals identify misconfigurations and vulnerabilities in production builds as continuing problems.
• 25% of data breaches are phishing attacks.
• Phishing remains the most common identity security incident, impacting 69% of organizations in 2024.
• 33% of identity-related breaches relate to compromised privileged accounts.
• 37% of organizations reported breaches enabled by stolen credentials.
• 80% of data security incidents involve compromised or misused privileged credentials.
• 74% of organizations are worried about insider threats.
• 53% of businesses believe that it is harder to identify insider threats since migrating to the cloud.
• 48% of IT professionals say ransomware attacks have increased in the past year.
• 29% of organizations affected by ransomware said the attack could be traced to file downloads or emails with malicious attachments.
• 21% of businesses identified remote attacks on servers as facilitating ransomware incidents.
• Data security breaches account for 21% of reported incidents in 2024.
• 94% of businesses reported security issues with production APIs in 2023.
• 55% of HTTP malware downloads in the past year originated from cloud apps — up from 35% in the previous year.
• 98% of organizations are worried about supply chain compromise.
• 95% consider VPN exploitation a primary threat
• 82% are most concerned about credential stuffing.
• 52% of organizations view insecure interfaces in their public cloud environments as a significant security threat.

Given the disastrous impacts of cloud breaches, organizations continue to prioritize measures to prevent them. Their efforts are complicated by the sensitivity of much of the data in the cloud.  

• 47% of data in the cloud (on average) is deemed sensitive.
• Fewer than 10% of enterprises encrypt at least 80% of their sensitive cloud data.
• 53% of respondents use at least five encryption key management systems.
• 91% of survey respondents reported concerns about their security systems’ ability to manage zero-day attacks and unknown risks.
• 49% of organizations use firewalls as their main defensive measure, but only 37% have successfully implemented segmentation strategies. 
• 35% of survey respondents use a web application firewall (WAF).
• 26% use Cloud Security Posture Management (CSPM) to address security.

As technology continues to advance, humans are likely to be responsible for a growing proportion of cloud security breaches in the future. Given that multicloud strategies are also becoming more prevalent, it’s increasingly important to ensure that your cloud security posture is robust. 

• Gartner predicts that by 2025, 99% of cloud security failures will be the customer’s fault, primarily due to misconfigurations.
• The shift toward multicloud strategies is expected to increase complexity, which is worth bearing in mind when you consider that:
  • 76% of enterprises use at least two cloud providers.
  • 35% of industries have more than 50% of their workloads in the cloud
  • 69% of organizations leverage three or more cloud service providers.
  • The proportion of enterprises using industry-specific cloud platforms for business acceleration is expected to rise from less than 15% in 2023 to more than 70% by 2027.
• 72% of companies see cloud security as a future concern.

As organizations increasingly rely on the cloud for storing and processing sensitive data, robust cloud security measures become even more important. Cloud providers generally operate on a shared responsibility model, so some elements of security are managed by the customer and others are managed by the cloud provider. Choosing a reliable cloud provider and understanding your security responsibilities as a customer are foundational aspects of cloud security. Other best practices include multifactor authentication, encryption, and access controls. 

By prioritizing effective cloud security measures, organizations can reduce the risk of being the victim of a cloud security breach in 2025.

Sources

• US health tech giant Change Healthcare hit by cyberattack
• Breached websites that have been loaded into Have I Been Pwned
• The biggest data breaches in 2024: 1 billion stolen records and rising
• 70+ Cloud Security Statistics to Inspire Better Security in 2024
• Top Cloud Security Statistics in 2024
• 80+ Cloud Security Statistics For 2024
• 2024 Cloud Security Report
• 40+ Alarming Cloud Security Statistics for 2024
• What are your cloud security priorities for your company this year?
• Cloud security – statistics & facts
• Share of organizations who experienced a security incident related to public cloud usage in the last 12 months worldwide in 2024
• 2024 Thales Cloud Security Study Global Edition
• The Five Largest Data Breaches of 2024 (So Far)