Public cloud and web application vulnerabilities were analyzed in a recent report by CyCognito. According to the report, 74% of assets with personally identifiable information (PII) are vulnerable to at least one known major exploit, and one in 10 have at least one easily exploitable issue.

Seventy percent of web applications have severe security gaps, like lacking WAF protection or an encrypted connection like HTTPS, while 25% of all web applications (web apps) lacked both.

The typical global enterprise has over 12 thousand web apps, which include APIs, SaaS applications, servers and databases, among others. At least 30% of these web apps — over 3,000 assets — have at least one exploitable or high risk vulnerability. Half of these potentially vulnerable web apps are hosted in the cloud. 

Ninety-eight percent of web apps are potentially GDPR non-compliant due to lack of opportunity for users to opt out of cookies.  

Read the full report here.