Enterprises are facing a ‘cloud security crisis’

Data sprawl and lack of observability have spurred the increasing number of attacks

Cloud security concept image showing digitized cloud symbol above a circuit board with secondary cloud symbols surrounding.
(Image credit: Getty Images)
Jane McCallion's avatar
By
published
in News

Businesses are facing a “cloud security crisis” fueled by increasingly fragmented hybrid environments, according to security firm Rubrik.

The company, in association with Wakefield Research, interviewed 1,600 IT and security leaders for its The state of data security in 2025 report and found 90% had suffered cyber attacks in 2024.

For some, the onslaught was relentless, with almost 20% experiencing more than 25 cyber attacks during the year.

The consequences of these breaches can be serious at both a business and personal level, Rubrik warned. Of those respondents that admitted to suffering a cyber attack, 37% said their company had suffered reputational damage and loss of customer confidence.

A further 33% said such an incident had resulted in a forced leadership change.

When it comes to the sources of attack, 28% identified cloud or SaaS breaches as the point of origin. This has led Rubrik to point the finger squarely at the use of hybrid cloud strategies as a source of the problem.

“Many organizations that move to the cloud assume their providers will handle security,” said Joe Hladik, head of Rubrik Zero Labs. “The persistence of ransomware attacks, coupled with hybrid cloud vulnerabilities shows that threat actors are always one step ahead.”

However, this seems to overlook the fact that a similar proportion of attacks came from insider threats (28%).

Nevertheless, 90% of respondents said they were managing hybrid cloud environments, with 35% saying that securing data across a variety of ecosystems was their top challenge, while 29% said it was lack of visibility and control over cloud-based data.

This issue of visibility is something IT decision makers have raised repeatedly in recent years. In a December 2024 blog, Darktrace identified limited visibility as an emerging threat that can lead to misclassification of data in terms of sensitivity and misaligned access policies.

Similarly, research from Fortinet revealed 55% of the individuals it surveyed for its 2025 state of cloud security report found loss of visibility and control to be a major issue when securing multi-cloud environments – another aspect of data sprawl.

Rubrik’s recommendations for how to combat these issues is to follow the fundamentals of cybersecurity in the 2020s: identify where the data is, what it is, and how sensitive it is, both in motion and at rest.

Thereafter, enterprises should implement policies to protect this data and establish what processes and procedures can be used to enforce it. Similarly, IT teams should use automation where possible to enable them to focus on things that need real human expertise to solve, rather than using up their time on drudgery.

MORE FROM ITPRO

Jane McCallion
Jane McCallion
Managing Editor

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.

Latest
You might also like
View More ▸