A report has identified human error as one of the main causes of cloud infrastructure data breaches.

Cloud data breaches caused mostly by human error

In 2022, approximately two fifths of businesses fell victim to data breaches in their cloud environments, marking a 4% increase from the previous year. The Thales Global Cloud Security Study took in the views of around 3,000 IT and security professionals across 18 countries, also identified a major increase in the volume of sensitive data stored in cloud infrastructures.

A remarkable 75% of respondents stated that over 40% of their organisations’ data stored in the cloud was classified as ‘sensitive,’ a stark contrast to the 39% recorded in 2021. The primary reason for these breaches was human error, responsible for 55% of incidents, and far outweighing culprits like the exploitation of vulnerabilities at 21%.

The Thales study also revealed a 41% uptick in firms employing Software as a Service (SaaS) between 2021 and 2023, with these applications steadily taking the place of on-premises set-ups. Unfortunately, this expansion has made cloud data security more complex, as 55% of cyber professionals noted.

SaaS applications also emerged as the most targeted area for cyberattacks, accounting for 38% of incidents in 2022, followed closely by cloud storage at 36%.

Another significant trend was the surge in multi-cloud adoption, with 79% of organisations employing multiple cloud providers in 2022. However, this approach has brought about additional cybersecurity challenges due to varying security controls and data protection models – a disparity that increases the risk of breaches and malicious intrusions.

The study exposed a concerning lack of encryption, with only 22% of those polled saying that 60% or more of their cloud data is encrypted. On average, just under a half (45%) of sensitive cloud data was found to be encrypted. The report cited factors such as a lack of understanding of cloud encryption operations and concerns about limiting developer productivity as reasons for this low encryption rate.

To combat these rising threats, the report recommended increasing the adoption of strong multifactor authentication (MFA), a measure implemented by 65% of respondents. Howvever, experts have warned that MFA should not be considered a panacea, as cyber-threat actors are becoming more sophisticated in their approaches.

Continuous monitoring of user-targeting attempts within cloud platforms was also singled out as a critical security approach. Organisations are urged to use technologies that can track suspicious logins and behaviours, galvanising the overall cloud security posture.

Know the risks

As we change the way we work, it’s essential that business leaders stay on top of the threats to data and learn how to secure sensitive information at every juncture. These themes are explored in depth at #RISK Amsterdam, later this month.

Not to be missed:

Session: Head in the Clouds: Strategies for Protecting Data and Infrastructure

Date: Thursday 28 September, 2023

Location: Privacy, Security & ESG Theatre

Time: 14:00pm – 15:00pm (CET)

Panellists discuss the unique challenges of securing data and infrastructure in the cloud, and provide insights into the strategies and tools you can use to protect against cyber threats. 

They discuss the role of cloud service providers in ensuring the security of their platforms, and the importance of collaboration and communication between organisations and their cloud service providers.

Gain a comprehensive understanding of the challenges and opportunities of cybersecurity in the cloud, and learn about the strategies and tools available for protecting your organisation’s data and infrastructure.


Session: Shaping Europe’s Digital Future: Cybersecurity Law and Regulation

Date: Thursday 28 September, 2023

Location: Privacy, Security & ESG Theatre

Time: 15:00pm – 16:00pm (CET)

We explore the emerging trends and challenges in cybersecurity law and regulation and discuss how organisations can navigate this complex landscape to mitigate risk.

Panellists will look at the most upcoming and recently passed cybersecurity laws, regulations and amendments that are likely to have a major impact on a wide range of businesses, explaining who is covered and exploring the main obligations.



With over 50 exhibitors, keynote presentations from over 100 experts and thought leaders, panel discussions, and breakout sessions, #Risk Amsterdam 2023 is the perfect place to learn about the present and future risk landscape.

Click here to register for #RISK Amsterdam


Do you know what data is being used to ‘train’ the AI in your organisation? 

Do you have a process for managing ‘risk’ in the use of AI? 

Are employees being trained in the use of AI? 

Attend #RISK to learn & knowledge share:

Learn more about #RISK Amsterdam – 27th & 28th September 2023

LEARN MORE ABOUT #RISK LONDON  – 18th & 19th October 2023