How often are cloud cybersecurity breaches and vulnerabilities truly the fault of the cloud service provider (vs. customer)?

I'm doing some research into cloud computing and I was wondering how often a cybersecurity breach is the fault of the provider (e.g. AWS, Azure) as opposed to the fault of the customer's poor cybersecurity practices (e.g. lack of cybersecurity training, misconfigurations, etc.). For example, in the case of Paige Thompson and Capital One, articles seem to indicate that she was exploiting bad cybersecurity practices (e.g. misconfigured firewalls, improper roles).

Conversely, are there many prominent examples where there were cybersecurity …

aws azure breach breaches cloud cloud computing cloud service cloud service provider computing customer cybersecurity cybersecurity breach cybersecurity breaches cybersecurity practices cybersecurity training doing misconfigurations poor practices research service service provider training vulnerabilities