Press Release

CloudLock’s Q4 Cybersecurity Report Reveals Excessive Sharing In the Cloud is Top Concern for 83 Percent of Technology Firms

New data breaking down cloud risk by industry reveals that only 5 percent of organizations on average take active steps towards protecting credentials

Waltham, Mass. December 9, 2015 – The CloudLock CyberLab, CloudLock’s security intelligence arm, today released its Q4 Cloud Cybersecurity Report: “Riskiest Industries in the Cloud: Where Do You Stand?” The report analyzes 10 million users, 1 billion files, and over 91,000 applications, focusing on and breaking down risk in the Retail, Manufacturing, Healthcare, Financial Services, K-12, Higher Education, Government, and Technology industries. In the Technology industry, adoption of cloud technologies, as well as security awareness, is notably higher than that of other industries, with 83 percent of technology firms deeming excessive sharing a top cyber security concern.

Every organization shares five primary cloud cybersecurity concerns, regardless of what industry it is in: Account Compromise, Cloud Malware, Excessive Data Exposure, Over-Exposed Personally Identifiable Information (PII) and Payment Card Industry (PCI) Data, and Collaboration. On average, only 5 percent of organizations take active steps towards protecting credentials, which include attempts to identify instances of exposed credentials in public cloud environments.

Excessive Sharing

When it comes to excessive sharing, 83 percent of Technology organizations are concerned with ensuring access permissions to sensitive data are granted appropriately. This is followed by K-12 (77 percent), Financial Services (75 percent), Healthcare (72 percent) and Manufacturing (70 percent). Notably less focused on excessive sharing are Retail (66 percent), Government (60 percent) and Higher Ed (59 percent).

PII & PCI Exposure

Surprisingly, the Manufacturing industry showed, on average, the least concern for ensuring access permissions are granted appropriately for PII such as users’ Social Security Numbers, IDs, dates of birth, etc., (27 percent) and PCI (39 percent). Only 10 percent of Technology firms are focused on protecting PII, but 41 percent are concerned with PCI. Higher Ed is the most concerned with protecting PII (77 percent) and PCI (61 percent), with the huge database of student records, as well as credit card and banking information tied to large spending areas such as tuition, administrative and research funds.

Highest Concentrated Exposure of Risk

A whopping 99 percent of files in the Financial Services industry that are exposed to the general public, meaning they are accessible to anyone with a link, or searchable via search engines, can be attributed to exposure by only one percent of its users. This is followed by Higher Ed (84 percent), Government (80 percent), K-12 (78 percent), Manufacturing (77 percent) and Retail (76 percent). The Technology industry had the least concentrated exposure of risk, with only 68 percent of files that are exposed publicly are by that of the top one percent of users.

Additional key findings include:

  • Retail - The priority shared across the largest majority of retailers is Excessive Sharing, with 66 percent of organizations focusing on targeted security operations in this area. While this is the top shared priority within the retail industry, it is somewhat low compared with the cross-industries figure, which exceeds 70 percent. Additionally, 55 percent of retail companies are actively looking to detect instances of information governed by PCI-DSS compliance.
  • Manufacturing - Intellectual property (IP) is the lifeblood of manufacturing organizations, and their top priority is not just its existence, but its exposure, with 78 percent of organizations  aiming to identify risk of excessively exposed IP.
  • Healthcare - Across all industries, healthcare had the fewest data exposures. The highest priority in this industry is identifying and protecting PII, with 38 percent of organizations naming this as a key focus area.
  • Financial Services - This industry has a surprisingly low number of users creating data in the cloud, at just 44 percent. The top cloud security priority in this area is the excessive sharing of information (77 percent), which can be attributed to individual organizations touch thousands or even millions of personal records.
  • K-12 Education - Only one percent of K-12 institutions had a targeted focus on password protection, with 74 percent of K-12 institutions look for bad language and signs of cyberbullying and 70 percent of institutions are actively monitoring for instances of PII data.
  • Higher Education - Only 12 percent are looking for objectionable content as a security priority.
  • Government - When adopting cloud-based technologies, government agencies are highly focused on compliance, with 59 percent concerned with PII, 52 percent on data that seems confidential, 50 percent focused on PI, 41 on PCI and only 2 percent on password information
  • Technology - While excessive sharing was deemed to be the top concern, only three percent are focused on password information.


“While all industries are certainly evolving to make security a priority, each industry faces different risks and concerns that need to be addressed in a very specific and nuanced manner,” says CloudLock CEO and Co-Founder Gil Zimmermann. “We’re hoping this latest data will provide guidance for those who are wondering how they stack up against their peers, and possibly make them take notice of where they are falling behind when it comes to protecting critical information and assets.”

To download the latest Cybersecurity Report, please visit: Riskiest Industries in the Cloud: Where Do You Stand?

About CloudLock’s CyberLab

CloudLock is the only security vendor uniquely combining U.S. and Israeli Military Intelligence with real-time, crowdsourced cloud security insight. CloudLock continuously monitors over one billion files daily across more than 10 million users. Security professionals feed into CloudLock’s unique security insight through peer-driven, crowdsourced Community Trust RatingsTM. This intelligence allows organizations to immediately respond to emerging cloud cyber threats and risky apps.  

About CloudLock

CloudLock is the cloud-native CASB and Cloud Cybersecurity Platform that helps organizations securely leverage cloud apps they buy and build. CloudLock delivers security visibility and control for SaaS, IaaS, PaaS and IDaaS environments across the entire enterprise in seconds. Founded by Israeli Elite Cybersecurity Military Intelligence experts, the company delivers actionable cybersecurity intelligence through its data scientist-led CyberLab and crowdsourced security analytics across billions of data points daily. CloudLock has been recognized by Inc. Magazine as the fastest growing security product company in the U.S. and by Glassdoor as one of the top 3 best places to work in the U.S. Learn more at

Experience a Live Demo

See Cisco Cloudlock in action from one of our cloud security experts

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser