Misconfiguration
Cybersecurity statistics about misconfiguration
Related Topics
Showing 1-11 of 11 results
75% of sensitive data exposures begin with compromised identities or misconfigured permissions.
An automotive parts marketplace database with over 7.7 million records was exposed via a misconfigured Elasticsearch instance in January 2026
7% of cybersecurity intrusions investigated resulted from actors gaining access through improperly configured application and infrastructure assets.
Initial access by threat actors using misconfiguration, which accounted for 29.4% of incidents in the first half of 2025, dropped to 21% in H2 2025.
Misconfigurations or gaps in security coverage materially enable attacks in over 90% of incidents.
Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries).
Nearly 7 in 10 retail & consumer goods organizations had APIs with misconfigured authorizations or data exposure issues. These retail & consumer goods APIs averaged 15 vulnerabilities per API.
Cloud misconfigurations and excessive permissions vulnerabilities were found in 42% of cloud environments that were pen tested.
29% of SaaS incidents resulted from misconfigurations.
77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks
45% of all vulnerabilities detected were SSL misconfigurations, but this percentage dropped to 33.5% by mid-2024.