The Top 1% of Users Who Can Take Down Your Organization Are all users created equal and is the cybersecurity risk distributed uniformly? That’s what we wanted to explore in our latest CloudLock…

The Top 1% of Users Who Can Take Down Your Organization

Ayse Kaya Firat

Part Data Scientist, part Data Artist, Ayse is Director of Customer Insights and Analytics.


Are all users created equal and is the cybersecurity risk distributed uniformly? That’s what we wanted to explore in our latest CloudLock CyberLab Report: Top 1% of Users Who Can Take Down Your Organization.

We hypothesized that some users were riskier than others – but we wanted to quantify who those users are and the precise risk they introduce.

The results of this analysis revealed a very surprising trend: just 1% of users represent 75% of cloud cybersecurity risk, with risk being calculated as a function of the user’s volume of
usage, potentially risky behavior, and violations of corporate security policy. Let’s dive deeper into these.

1% of Users Own 57% Of Cloud Assets


There is a significant disparity between the most active and least active users in terms of file ownership in the cloud. The top 1% of users own 57% of digital assets, while the top 5% own 81% of digital assets.

A cyberattack targeting these few power users could result in a substantial data breach for the company, risking a majority of the company assets. Here at CloudLock, we have seen data-dense accounts belonging to engineering and design users containing highly confidential blueprints and company intellectual property. You certainly do not want a bulk of this data to fall into the wrong hands.


Over 70% of Exposures Caused By 1% of Users

Continuing with the trend of disproportionate risk, we found that 1% of users account for 71% of organization-wide and 74% of public exposures of data. This trend is seen regardless of the industry the organization is a part of – no one can seem to escape this potential risk. The good news? By focusing on these few users, security teams can substantially decrease exposures in a short amount of time like some of our current customers have done.

Inter-Organization Collaboration

Focusing on users alone might not be enough anymore. With many companies starting to adopt the cloud and expand their supply chain with a growing network of partners, vendors, and clients, inter-organization collaboration increases the risk of cybercrime.

Citroen, a leading French car manufacturer, exemplified this risk when they experienced an embarrassing public breach due to a vulnerability in one of its ecommerce partners.

On average, organizations collaborate with 865 other organizations or domains via cloud applications. However, the top 25 of these collaborative organizations comprise 75% of the inter-organizational sharing. In addition, 70% of cloud-based sharing occurs with personal, non-corporate emails, so a great portion of this sharing is done inappropriately.

Managing risk, therefore, is very much about knowing who the top collaborative organizations and domains are.

Third-Party Applications

Third-party SaaS applications exchange data with other cloud apps, including corporate, sanctioned applications and often have extensive access scopes (for example, the capability to edit, delete, copy, and externalize information).

As such, apps are frequently targeted by cybercriminals as entry points into an organization, and malicious individuals will design counterfeit apps that appear to be legitimate for the same reason.Screen Shot 2015-09-10 at 14.09.54 PM

When looking into application installs, we found that out of the 91,000+ apps that we discovered, the top 25 apps in each organization accounted for about 65% of all installs. In the majority of instances, the top applications are tied to business functions, so the long tail of of third party apps is usually where the risk lies.

By focusing on the long tail of apps, you can uncover shadow IT without disturbing the business functions of the organization. In addition, our research revealed that 52,000 instances of applications are installed by highly privileged users, a number that should be zero given the fact that privileged accounts are highly coveted by malicious criminals.

Use The Findings To Your Benefit

Although the disproportionate cybersecurity risk across users, collaboration, and applications may seem daunting, it also provides an opportunity to  mitigate the risk rather quickly.

  1. Focus on the riskiest subset of users
  2. Pay attention to organizations that you collaborate with the most and then address the long tail of remaining organizations
  3. Understand what applications your users are using with a strong focus on apps that connect to your corporate environment.
  4. Correlate security events across multiple platforms, preventing cyber criminals from slipping through the cracks.

The 1% Who Can Take Down Your Organization

If cloud cybersecurity is of interest, you should find this report fascinating. Our analysis of user behavior across 10 million users, 1 billion files, and over 91,000 cloud applications, shows that 75% of the security risk can be attributed to just 1% of users. Read the full report for additional insights on cloud cybersecurity trends across users, collaboration, and applications.

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser