Heartbleed: 1173 to 86; Drown: 653 to 620
See the difference in the starting figures? 520. It likely means that a huge number of providers (cloud or otherwise) were not suspectible to Drown to begin with, because they ditched SSL v2 ages ago -- like any sensible person would have done.
So the majority of those 520 providers were never among the 33 companies which have responded to Drown, because they didn't need to.
You can't take numbers at face value and completely ignore that only stupid providers would still have been suspectible to Drown after it hit the headlines, because SSL v2 and v3 have been known to be unfit for purpose for quite some time now and sensible providers and sys admins would have known that.
Skyhigh Networks' Cloud Security Labs have discredited themselves, and El Reg shares the guilt for believing and blindly printing what the EMEA Marketing Director said...