Moving to the cloud helps secure your assets—but you should stay vigilant

ARTICLE | November 01, 2023

Authored by RSM US LLP

Cybersecurity has become a priority for middle market organizations, and many have moved to the cloud to better protect their digital assets. In fact, according to RSM’s most recent MMBI Cybersecurity Report, “around 91% of executives feel their data is more secure in the cloud.”

If your organization hasn’t yet made the move to the cloud, it may be time to begin planning your data migration. But while the cloud enables several technology gains, it may not be the complete “set it and forget it” answer that management is looking for. Your cloud vendor is only responsible for the security and reliability of your infrastructure inside its platform, which leaves many vulnerabilities cyber criminals can exploit. 

Regardless of your business’ size and industry and considering the limited security offered by cloud providers, you should assume that your organization will be targeted. By taking a proactively defensive approach to cloud security, you can reduce the likelihood of a breach. Here are some key concepts to consider.

91% of executives feel their data is more secure in the cloud, according to RSM's most recent MMBI Cybersecurity Report

Start with a strong foundation

Creating an effective cloud-based security system to protect your infrastructure is not unlike protecting a home you’re building. The smaller the structure, the easier it is to manage; a larger footprint can allow you to add on to the home as your needs dictate. Either way, a solid foundation is key.

In the same vein, making security integral to your planned cloud migration is critical. Since virtually every major data breach over the past two decades can be traced to a lack of foundational security, you’ll want to take a strategic approach and invest adequate time and resources in the planning stage. Outside guidance from experienced advisors can prevent many headaches and complications down the road.

You’ll also want to prioritize identity access management (IAM) tools like multi-factor authentication and password management as early as possible. It’s been estimated that 86% of data breaches have occurred because bad actors used false credentials to gain access. Other significant break-ins occur because of lax oversight of employee and contractor access and failure to cancel credentials from former employees.

86% of data breaches have occurred because bad actors used false credentials to gain access.

Know what your cloud provider covers

Cloud vendors have invested vast sums into protecting their clients’ digital assets, but these protections may actually contribute to a false sense of security for many organizations.

It’s easy to think that since your provider has state-of-the-art 24/7 security, you won’t need to invest as much in protecting your assets in the cloud. The reality is that cloud vendors make sure your company’s infrastructure built inside its platform is secure, but areas like application management, network configuration, and encryption are your responsibility—and they’re also where your defenses may be weakest.

96% of executives familiar with the GDPR said preparing for emerging privacy laws and regulations is a priority. That’s likely because organizations that need to observe strict regulatory requirements are under additional scrutiny. To meet tough compliance rules you may need security measures that go above normal standards. These issues should be addressed in the early stages of your digital migration so they are an integral part of the overall security design.

Also, be aware that cloud providers do not all offer the same security. If you migrate from one cloud to another, be sure that you perform all security checks.

Insure against a breach

In addition to the important work of safeguarding your digital assets, your organization will want cyber insurance as a safety net in case of an attack. But be aware that this coverage won’t be cheap. 70% of respondents in RSM’s 2023 Cybersecurity Report noted increased policy premiums; only 2% saw a decrease. At the same time, the number and expense of cyberattacks in recent years have overwhelmed insurers, forcing them to increase premiums by nearly 30% and reduce coverage in many cases.

Even companies with good coverage report that their insurers are auditing security protocols to make sure adequate protection is in place. If you face a costly breach that your organization could have avoided with better security measures, an insurer can deny your claim. Ideally, you’ll have cyber coverage and cyber security that complement each other.

Your organization will want cyber insurance as a safety net in case of an attack.


of respondents noted increased policy premiums


of respondents noted decreased policy premiums


of premiums have been increased due to the expense of cyberattacks

Avoid “double gaps” with better coverage

If there is a subset of organizations most at risk for cybercrime, it’s likely companies with 5,000 employees or fewer. To attackers, these businesses appear as big targets with valuable digital assets. And they’re also most likely to be in a “double gap,” which refers to having two large cybersecurity vulnerabilities.

These organizations may have a security policy and structure that was state-of-the-art five years ago but hasn’t been updated as it should, leaving a dangerous opening. They also tend to rely on their hard-working IT teams to maintain digital operations and keep cyber defenses secure, but they may not have enough experienced security professionals to handle the volume of threats coming from every direction.

“If you want to go far, go together”

Before you can begin your migration to the cloud, there are several questions that need to be answered. Otherwise, you may find that your digital transformation doesn’t deliver the expected security and cost savings. Working with experienced, trusted advisors at RSM, you can benefit from an outside perspective of your security needs, a 360-degree view of risk, and customized solutions purpose-built for your organization.

Let's Talk!

Call us at +1 213.873.1700, email us at or fill out the form below and we'll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

This article was written by RSM US LLP and originally appeared on 2023-11-01.
2022 RSM US LLP. All rights reserved.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

​Vasquez & Company LLP is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.

For more information on how ​Vasquez & Company LLP can assist you, please call +1 213.873.1700.

Subscribe to receive important updates from our Insights and Resources.

  • Should be Empty: