The survey was conducted by the Cloud Security Alliance (CSA) together with Skyhigh Networks. It makes it clear that companies fear nothing more than the loss of reputation and trust. The publication of sensitive customer data, for example, would be the worst-case scenario for them. This is followed by the fear of financial damage - for example to replace the damaged IT infrastructure - and concerns about the loss or destruction of data.

Cyber attacks on companies are on the rise. Traditionally, criminals want to steal valuable data such as credit card numbers in order to sell them on. But increasingly, the stolen data is being used to extort ransoms. According to the study, 25% of respondents would pay a ransom in such a situation and 14% would even be prepared to pay over one million US dollars.

Lower costs are attracting more and more companies to the cloud

At the same time, the survey shows that companies are increasingly willing to move business-critical IT applications and their data to the cloud. For example, 36.3% of companies are already using a cloud-based CRM system and a further 21.7% are planning to switch to it. For human resources management solutions, 24.4% of companies are already in the cloud and 30.1% intend to follow suit. Even for accounting and financial applications, 14.2% of respondents currently use cloud-based systems and 28.4% are planning to switch. The survey paints a clear picture as to why: 71.8% of respondents cite lower investment and operating costs as the key advantage of cloud-based systems. 69.2% are pleased with the faster implementation of applications. Better usability of cloud systems, on the other hand, is only an important reason for just under half (49.4%) of companies.

Data in the cloud - but secure

Despite the increasing number of cyber attacks and data thefts in cloud services, the majority of respondents (around 65%) believe that cloud systems are at least as secure as on-premise applications. Only 35% believe that the cloud is less secure than their own company network.

According to the survey, respondents agree on what a cloud application needs to be considered secure. The most important feature (87.3%) is data access control. This allows access to certain data or cloud service functionality to be restricted based on users, devices, locations and operating systems, for example. This is followed by encryption options at 83.4%. It is particularly important for companies to retain control over the key. In this way, the data remains unreadable for everyone else - including the cloud service provider. Almost 74% of those responsible demand data loss prevention (DLP) options. This can, for example, automatically prevent sensitive information from being uploaded to the cloud.

"It boggles the mind that companies are actually prepared to pay ransoms of this magnitude. Although there is no one hundred percent security, the money is better invested in protective measures," comments Daniel Wolf, Regional Director DACH at Skyhigh Networks, on the study results. "Cloud access security brokers, for example, rigorously secure the corporate use of cloud services. With access controls, encryption and DLP policies, such solutions help to minimize the risk of data theft."