Business impacts of the modern data breach

What happens when cloud is adopted without the input of the cybersecurity team and a readiness gap leads to a data breach?

Laeeq Ahmed

Laeeq Ahmed

Managing Director, GRC Technology, KPMG US

+1 818-227-6032

Brian Jensen

Brian Jensen

Managing Director, GRC Technology, KPMG LLP

+1 817-946-9552

A report in the Oracle and KPMG cloud threat 2020 series

In our 2020 cloud threat survey, Oracle and KPMG we wanted to understand the impacts resulting from the reliance on manual configuration management in today’s dynamic cloud environments; the limited use of controls at the data layer; the lack of pervasive usage monitoring to prevent masquerading, misuse, and malicious insider activities; and ultimately, the consequences when those issues lead to data loss. Explore in this report the frequency, causes, and business impacts of the modern data breach according to our research findings.


Data breaches are on the rise, further raising the profile of cybersecurity.

Nearly 9 in 10 organizations (88%) reported public cloud data loss in the past year, and the increasing frequency of high-profile attacks has elevated cybersecurity to a board-level conversation. However, on an industry-wide basis, that executive-level focus has yet to significantly improve the situation.


Privilege abuse, misconfigurations, and poor visibility are among the leading causes of data loss.

More than 35% of organizations reported experiencing at least one of these issues. Thus, despite the increased focus on cybersecurity overall, foundational practices such as encryption, access control, data masking, redacting, auditing, and enforcing separation of duties often remain overlooked and flawed, especially in cloud environments.


The impacts of a data breach can include both financial and human elements.

Most organizations (56%) report that as a result of public cloud data loss, they invested in additional cybersecurity technologies and services. However, the negative outcomes from a data breach can include financial elements such as lost revenue, brand damage, career impacts for key personnel and reduced shareholder value. Improvements across data controls, visibility, and identity via automation are needed to fortify cybersecurity programs.


More than half of organizations (51%) said they experienced data loss as a direct result of the misconfiguration of cloud services.

While there is no surefire way to guarantee avoidance of a data breach, improving configuration and patch management processes, data classification, identity and access management, and overall visibility into data access and usage are good starting points.