In 2022, 80% of companies surveyed acknowledged that they had experienced at least one cloud security incident. Then, in mid-2023, 94% of companies surveyed reported that they were using at least some type of cloud service.
The popularity of moving IT to the cloud is undisputed, and the pace of cloud adoption is daunting. However, as companies move more IT services to the cloud, questions are being raised as to whether companies are prepared to manage cloud risks in areas including cybersecurity, data handling, intellectual property protection and governance.
“There are risks, and indeed more than half the organizations have had issues in the past year,” said KPMG in an article. “Among them are IT delays, data loss, productivity loss, application outages, regulatory compliance violations, and diminished ability to provide services.”
None of these are casual events. A cloud failure, or a major security or data breach, such as the recent ZeroedIn breach, can shake the reputation and even the very survival of a company. Yet many businesses don’t list cloud as a risk management issue.
Just what are the common risk management issues that companies do monitor and plan for?
Most revolve around dangers confronting the financial balance sheet, such as too many high-risk loans on the books if you are a financial institution, or too many suppliers in risky parts of the world if you are a manufacturer. Cyber breaches and IT disaster recovery have also become risk management concerns, but few organizations have extended risk management to their cloud services providers.
It is up to the CIO to bring this issue forward.
Cloud Risks Companies Should Manage For
The risks that using cloud services present include IT concerns such as security breaches, poor service, data handling, and confidentiality. But they also extend to liability, compliance, and insurability.
Here is a point-by-point review:
Cybersecurity and cyber insurance risks. Cyber insurance is still an evolving area that sees insurance companies lagging technology advances. This is a risk in itself, because insurance companies may not offer or extend coverage for security breaches that originate in the cloud.
Companies might also be unprepared. Most have already extended their business liability coverage to include cyber attacks against their networks, edge devices and internal IT. So, they might feel that they are covered, even if a breach occurs in the cloud. Unfortunately, existing corporate cyber insurance policies may not extend to insurance protection for a cloud-based catastrophic cyber event that occurs in an outside cloud service that the insured company is using.
Read the rest of this article in InformationWeek.