Security Teams Struggle Amid Rapid Shift to Cloud-Based Operations

Published on
May 26, 2022

Research shows a lack of resources amid cloud surge

New York, NY, May 26, 2022 – Security executives recognize that most business technology systems will be maintained in a cloud environment moving forward, but are concerned that security teams are not equipped to manage the associated risk, according to a new study from CRA Business Intelligence, the research and content arm of cybersecurity information services company CyberRisk Alliance.

The study also reveals that even as some organizations learn and adopt “cloud-first” frameworks and procedures, others simply lift and shift their current applications to the cloud with little to no customization, creating the potential for significant long-term risks to their security posture.

The data and insights in this report are based on a survey conducted in April 2022 of 300+ IT and cybersecurity decision-makers and influencers in the United States, with respondents drawn from organizations of all sizes and industries. The study was sponsored by Bishop Fox and Invicti.

Among the study’s key findings:
• Thirty-seven (37%) percent of respondents reported their organization experienced a cloud-based attack or breach in the last two years. On average, this amounted to four attacks per victim since 2020.
• The number of cloud assets/workloads is growing among companies, with 55% of respondents running up to 50 assets/workloads in the public cloud and 56% on hosted clouds; on average respondents maintain 66 assets in either public or hosted clouds.
• As cloud-based assets/workloads increase, 50% of respondents are very concerned about their ability to secure their cloud systems, with 72% “extremely” or “very” concerned.
• When it comes to the top data security concerns in the cloud, respondents cite the following: Lack of detection/response, compromised users, misconfiguration, and inability to monitor changes within cloud environments.

“With 54% of respondents not experiencing a cloud-based attack or breach, lift and shift (33%) and cloud native (29%) strategies continue to dominate,” said Matt Alderman, EVP, Foresight at CyberRisk Alliance. “Our research shows a wide range of security solutions are being used to secure cloud environments, and over 90% of those surveyed indicated they are likely to invest more in cloud security over the next two years. However, selecting the right security solutions for cloud infrastructure creates a need for more education. Only software composition analysis (SCA) and application programming interface (API) security solutions are keeping up with customer expectations.”

The report outlines a series of best practices to help organizations better secure their cloud-based resources.

The full research report is available for download here.

About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, SecurityWeekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, and the peer-to-peer CISO membership network, Cybersecurity Collaborative. Click here to learn more.

About Bishop Fox
Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. Discover why our Cosmos platform was named Best Emerging Technology in the 2021 SC Media Awards and our offerings are consistently ranked as “world-class” by our customers. For more information, visit,

About Invicti Security
Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and powerful automation and integrations enable customers to achieve broad coverage of even thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,600 organizations of all sizes all over the world. For more information, visit our website or follow us on LinkedIn.

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.