Skip to main content
HomeTopicsMisconfiguration

Misconfiguration

Cybersecurity statistics about misconfiguration

Showing 1-11 of 11 results

75% of sensitive data exposures begin with compromised identities or misconfigured permissions.

Netwrix6/15/2026
Data SecurityIdentity Compromise

An automotive parts marketplace database with over 7.7 million records was exposed via a misconfigured Elasticsearch instance in January 2026

PCA Cyber Security5/27/2026
Automotive CybersecurityAftermarket

7% of cybersecurity intrusions investigated resulted from actors gaining access through improperly configured application and infrastructure assets.

Google Cloud5/27/2026

Initial access by threat actors using misconfiguration, which accounted for 29.4% of incidents in the first half of 2025, dropped to 21% in H2 2025.

Google Cloud5/27/2026
Initial Access

Misconfigurations or gaps in security coverage materially enable attacks in over 90% of incidents.

Palo Alto Unit 422/22/2026
Gaps In Security Coverage

Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries).

Cobalt9/30/2025
Financial servicesPen test

Nearly 7 in 10 retail & consumer goods organizations had APIs with misconfigured authorizations or data exposure issues. These retail & consumer goods APIs averaged 15 vulnerabilities per API.

BreachLock8/11/2025
APIsData exposure

Cloud misconfigurations and excessive permissions vulnerabilities were found in 42% of cloud environments that were pen tested.

BreachLock8/11/2025
CloudPen testing

29% of SaaS incidents resulted from misconfigurations.

AppOmni7/15/2025
SaaS

77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks

Tenable3/19/2025
Cloud SecurityAI Security

45% of all vulnerabilities detected were SSL misconfigurations, but this percentage dropped to 33.5% by mid-2024.

CISA1/1/2025
SSLVulnerabilities