UK Organisations Falling Short of Public Cloud Security Requirements, Against the Backdrop of a Major Spike in Cyber-Attacks – Reveals a New Report

Key takeaways

  • 96% of UK organisations now feel confident in the security offered by Public Cloud providers
  • Yet, despite this, what the platforms offer in terms of data protection is being misunderstood
  • Only a third of UK organisations have assessed their Public Cloud architecture in the past six months, which falls short of the continuous assessment recommended by leading cloud providers

London – 20 May 2020: A new report, published today, concludes that UK organisations are facing the ultimate stress test in protecting their Public Cloud architecture, as the pandemic sees new pressures applied – both in usage and cyber threats.

The survey, conducted by Opinion Matters and commissioned by AWS Premier Consulting and Managed Services Partner HeleCloud, discovered that while confidence in Public Cloud security has risen significantly among UK organisations (96%), there is a clear misunderstanding in what Public Cloud offers in terms of data protection.

Despite experts including the DCMS reporting a major spike in cyber-attacks since the pandemic began, only a third (38%) UK organisations have assessed their Public Cloud architecture in the past six months. This falls short of the continuous assessment advocated by leading Cloud providers and their partners, leaving UK businesses open to data leaks and attacks.

“It is not uncommon that organisations of all sizes overestimate what Public Cloud does in terms of cybersecurity and compliance. It is without a doubt the most secure platform for data. However, to ensure this level of security, organisations have obligations and duties under that they need to fulfil,” explains Dob Todorov, CEO and Chief Cloud Officer at HeleCloud.

Business leaders vs. Security team

There was, however, some disparity in how confident people in different roles were about how well their organisations were utilising the tech. While 91% of security leaders felt that their chosen Public Cloud architecture was being used to its full potential, only 77% of business leaders agreed or strongly agreed with this statement.

“To Public Cloud providers, personal data is just zeros and ones. To organisations, personal data is an information asset and needs to be protected as such. GDPR obligations are much more straightforward to fulfil in the Cloud but they are still the responsibility of the organisations collecting and managing personal data – which is in effect every organisation – and not of the Cloud Services Providers,” he says.

UK skills shortage continues

The report also confirmed that a lack of understanding around Public Cloud security requirements was, in part, due to a demand for specialised Cloud and security skills within UK organisations. In fact, 46% of UK SMEs and 43% of enterprise organisations believe the human error to currently be their biggest vulnerability. What’s more, 7% of UK organisations don’t think they’ve got any vulnerabilities at all, suggesting a lack of expertise in identifying and managing Public Cloud dangers.

The report also found that your understanding of this demand and its impact depends on who you are in the business. While 68% of security leaders strongly agreed that their teams possess the necessary specialist skills to keep their businesses safe from cyber threats, only 45% of IT leaders and 38% of business leaders felt the same way.

Frustratingly for many, the skills gap cannot simply be solved by hiring more people. 40% of UK organisations noted a timeline of between four and six months to hire people with the specialist Cloud experience needed.

“When it comes to security you’re only as strong as your weakest link. To tackle this, a holistic approach to security is required as no area can be ignored. However, organisations must not attempt this alone. Partners with specific Public Cloud security competencies under their belt should always be first on the list when it comes to solving security and compliance challenges in complex AWS architectures. Organisations don’t know, what they don’t know. This means that if an expert in Public Cloud security is not present, the architecture will not be held up to objective scrutiny and their exposure is much higher than they think or are able to tolerate,” continues Todorov.

To manage the risk of huge data losses, the report suggests that businesses look to Public Cloud partners, allowing access to expertise on how to best safeguard their Public Cloud environments without the need to wait six months to get it.

Read the full report here.


In March this year, Opinion Matters conducted a survey, on behalf of AWS consulting and managed services partner HeleCloud, into how UK organisations are managing cybersecurity and compliance in a Cloud-based world. The survey asked over 250 business, IT and security leaders at UK organisations using Public Cloud about their opinions, practices, and concerns.

About HeleCloud

HeleCloud™ is an Amazon Web Services (AWS) Premier Consulting Partner of the AWS Partner Network (APN) with offices in the UK, the Netherlands and Bulgaria that helps enterprises of all sizes establish Cloud vision and execute Cloud strategies through their industry-leading Cloud Roadmap methodology. The team also provides Cloud managed services to further amplify Cloud benefits and enable enterprises to focus on their core business and customers. In addition to these services the team recently acquired a team of experts that specialize in Open Source consulting, engineering and training company active in more than 20 countries worldwide.

HeleCloud’s team of professionally trained consultants and engineers are well-grounded in all aspects of Cloud solutions, with specialist expertise in the competencies of Security and Compliance; Big Data, Analytics and IoT; and Microsoft Enterprise Applications on AWS.

Press contacts

Aisling Roberts, +44 (0) 207 973 5909