CloudLock's Q4 Cybersecurity Report Reveals Excessive Sharing in the Cloud Is Top Concern for 83 Percent of Technology Firms

New Data Breaking Down Cloud Risk by Industry Reveals That Only 5 Percent of Organizations on Average Take Active Steps Towards Protecting Credentials

WALTHAM, MA--(Marketwired - Dec 9, 2015) - The CloudLock CyberLab, CloudLock's security intelligence arm, today released its Q4 Cloud Cybersecurity Report: "Riskiest Industries in the Cloud: Where Do You Stand?" The report analyzes 10 million users, 1 billion files, and over 91,000 applications, focusing on and breaking down risk in the Retail, Manufacturing, Healthcare, Financial Services, K-12, Higher Education, Government, and Technology industries. In the Technology industry, adoption of cloud technologies, as well as security awareness, is notably higher than that of other industries, with 83 percent of technology firms deeming excessive sharing a top cyber security concern.

Every organization shares five primary cloud cybersecurity concerns, regardless of what industry it is in: Account Compromise, Cloud Malware, Excessive Data Exposure, Over-Exposed Personally Identifiable Information (PII) and Payment Card Industry (PCI) Data, and Collaboration. On average, only 5 percent of organizations take active steps towards protecting credentials, which include attempts to identify instances of exposed credentials in public cloud environments.

Excessive Sharing
When it comes to excessive sharing, 83 percent of Technology organizations are concerned with ensuring access permissions to sensitive data are granted appropriately. This is followed by K-12 (77 percent), Financial Services (75 percent), Healthcare (72 percent) and Manufacturing (70 percent). Notably less focused on excessive sharing are Retail (66 percent), Government (60 percent) and Higher Ed (59 percent).

PII & PCI Exposure
Surprisingly, the Manufacturing industry showed, on average, the least concern for ensuring access permissions are granted appropriately for PII such as users' Social Security Numbers, IDs, dates of birth, etc., (27 percent) and PCI (39 percent). Only 10 percent of Technology firms are focused on protecting PII, but 41 percent are concerned with PCI. Higher Ed is the most concerned with protecting PII (77 percent) and PCI (61 percent), with the huge database of student records, as well as credit card and banking information tied to large spending areas such as tuition, administrative and research funds.

Highest Concentrated Exposure of Risk
A whopping 99 percent of files in the Financial Services industry that are exposed to the general public, meaning they are accessible to anyone with a link, or searchable via search engines, can be attributed to exposure by only one percent of its users. This is followed by Higher Ed (84 percent), Government (80 percent), K-12 (78 percent), Manufacturing (77 percent) and Retail (76 percent). The Technology industry had the least concentrated exposure of risk, with only 68 percent of files that are exposed publicly are by that of the top one percent of users.
Additional key findings include:

  • Retail - The priority shared across the largest majority of retailers is Excessive Sharing, with 66 percent of organizations focusing on targeted security operations in this area. While this is the top shared priority within the retail industry, it is somewhat low compared with the cross-industries figure, which exceeds 70 percent. Additionally, 55 percent of retail companies are actively looking to detect instances of information governed by PCI-DSS compliance.
  • Manufacturing - Intellectual property (IP) is the lifeblood of manufacturing organizations, and their top priority is not just its existence, but its exposure, with 78 percent of organizations aiming to identify risk of excessively exposed IP.
  • Healthcare - Across all industries, healthcare had the fewest data exposures. The highest priority in this industry is identifying and protecting PII, with 38 percent of organizations naming this as a key focus area.
  • Financial Services - This industry has a surprisingly low number of users creating data in the cloud, at just 44 percent. The top cloud security priority in this area is the excessive sharing of information (77 percent), which can be attributed to individual organizations touch thousands or even millions of personal records.
  • K-12 Education - Only one percent of K-12 institutions had a targeted focus on password protection, with 74 percent of K-12 institutions look for bad language and signs of cyberbullying and 70 percent of institutions are actively monitoring for instances of PII data.
  • Higher Education - Only 12 percent are looking for objectionable content as a security priority.
  • Government - When adopting cloud-based technologies, government agencies are highly focused on compliance, with 59 percent concerned with PII, 52 percent on data that seems confidential, 50 percent focused on PI, 41 on PCI and only 2 percent on password information.
  • Technology - While excessive sharing was deemed to be the top concern, only three percent are focused on password information.

"While all industries are certainly evolving to make security a priority, each industry faces different risks and concerns that need to be addressed in a very specific and nuanced manner," says CloudLock CEO and Co-Founder Gil Zimmermann. "We're hoping this latest data will provide guidance for those who are wondering how they stack up against their peers, and possibly make them take notice of where they are falling behind when it comes to protecting critical information and assets."

To download the latest Cybersecurity Report, please visit: Riskiest Industries in the Cloud: Where Do You Stand?

About CloudLock's CyberLab
CloudLock is the only security vendor uniquely combining U.S. and Israeli Military Intelligence with real-time, crowdsourced cloud security insight. CloudLock continuously monitors over one billion files daily across more than 10 million users. Security professionals feed into CloudLock's unique security insight through peer-driven, crowdsourced Community Trust Ratings™. This intelligence allows organizations to immediately respond to emerging cloud cyber threats and risky apps.  

About CloudLock
CloudLock, the leading CASB and Cloud Cybersecurity-as-a-Service provider, offers the Cloud Security Fabric™ enabling enterprises to protect their data in the cloud, reduce risk, achieve compliance, manage threats and increase productivity by continuously monitoring and protecting more than one billion files for more than 10 million end users daily. CloudLock delivers the only complete, risk-appropriate and people-centric approach to cloud cybersecurity. Learn more at

Contact Information:

Lisa Mokaba