More Australian businesses use the cloud for sensitive data: Intel Security

In its latest research, Intel Security has found that 78 percent of Australian businesses using cloud services are storing their sensitive data there.

Intel Security's latest research has found that 76 percent of Australian businesses are using cloud services, with 78 percent of those organisations using it to store sensitive data.

In compiling Australian Business Attitudes to Cloud Adoption and Sensitive Data Management, Intel Security surveyed 452 senior business leaders in the country to gain a snapshot of the uptake of cloud services and the management of their sensitive data within the cloud.

More than half of the 19 percent that are not using the cloud said they are planning to use it, with Intel Security saying the future is moving towards a cloud-based environment.

"We're really moving to a world where the use of cloud services will be almost universal ... those that are not now are planning to in the near future," Joel Camissar, Intel Security's director of Service Provider, MSP and Cloud Business for Asia-Pacific, said.

Camissar said this has also brought to the forefront security concerns not previously thought of, such as the off-site hosting of sensitive data.

According to the research, personally identifiable information -- such as tax file numbers, home and email addresses, and dates of birth -- is the biggest type of data being stored in the cloud, with 70 percent of respondents admitting this was the case in their organisation.

Of those surveyed, 64 percent said their company's proprietary documentation of processes and procedures were stored in the cloud; 48 percent store network passwords in the cloud; and 48 percent store competitive data, such as market analysis or competitors' information.

Camissar said those responding from larger businesses had less visibility over what information is stored in the cloud.

"Australian organisations are putting cloud first, and security and privacy second -- or last," Camissar said.

"Of the 76 percent using the cloud, the top consideration for them choosing a cloud service provider was robustness or continuity of service."

The research, carried out by Sydney-based StollzNow Research, found that 52 percent of cloud-using businesses did not carry out a risk assessment or establish a Service Level Agreement before signing on the dotted line with the chosen provider, while 44 percent did not consider the location of the cloud infrastructure, and 37 percent did not check if the provider met the standards set out in the Australian Privacy Act.

The research found that across Australian businesses, Dropbox is the most common file transfer platform used, claiming 47 percent of the share, followed by OneDrive, with 41 percent, and Google Drive, at 35 percent.

When it comes to data breaches, Australian businesses are most worried about the risk of damaging their reputations and less likely to be concerned about the financial penalties. Intel Security performed a similar survey in 2013, which found that 50 percent of respondents were more concerned with the potential financial repercussions that a data breach would have on their organisation, as opposed to the 2016 figure of 33 percent.

The research also revealed an increase in businesses keeping quiet about data breaches since 2013, with 26 percent of organisations not telling anyone they have experienced a breach, compared with 18 percent three years ago.

Organisations currently do not have to disclose that they have experienced a breach.

Shadow Attorney-General Mark Dreyfus told ZDNet last month that should the opposition party win the upcoming federal election, it would move to get the stalled data breach-notification laws passed.

Australia is currently without data breach-notification laws, despite the Joint Parliamentary Committee on Intelligence and Security recommending in February 2015 that Australia have such laws in place before the end of 2015, prior to the implementation of the data-retention laws that Labor voted to introduce.

Last month, online classifieds site Gumtree Australia admitted it had been hacked, specifying that email addresses, contact names, and phone numbers were accessed in the breach. Despite taking a week to tell account holders, Gumtree maintained that users' passwords had not been obtained by hackers.

Australian department store David Jones revealed in October that customer details were stolen as a result of its website being hacked on September 25, 2015.

The retail giant said no customer credit card information, financial information, or passwords were stolen, as it does not store any credit card information or financial information on its website, but said the customer details that were stolen were names, email addresses, order information, and mailing addresses.

The breach came a day after Australian discount homewares chain Kmart revealed that it had also experienced a breach. The Wesfarmers-owned company said no customer credit card or other payment details had been compromised; however, customer's names, email addresses, home addresses, telephone numbers, and product purchase details had been accessed in the "external privacy breach" that occurred in early September.