Alarming vulnerabilities threaten trust, time and digital flexibility
With the digital transformation, migration to the cloud continues to advance rapidly. Companies are increasingly relying on hybrid, multi-cloud and edge architectures to increase agility and innovation. But while IT landscapes are evolving quickly, security strategies often lag behind. The latest Cloud Security Report 2025 from Check Point® Software Technologies Ltd. paints an alarming picture: 65 percent of the companies surveyed reported at least one cloud security incident in the past year – an increase from 61 percent in the previous year. What is frightening is that only 9 percent of incidents were detected within the first hour and only 6 percent were resolved during this time. The reality is that attackers too often have enough time to spread undetected in cloud environments.
The report is based on a global survey of 937 IT executives, CISOs, cloud architects and security analysts. It highlights that outdated security models, alert fatigue and a lack of visibility into lateral movement are key vulnerabilities. At the same time, the gap between technological innovation and cyber resilience is growing. ‘Security professionals are chasing an ever-changing target,’ explains Paul Barbosa, VP of Cloud Security at Check Point Software Technologies. “With increasingly complex cloud environments and improved AI threats, organisations cannot afford to stick with fragmented tools and outdated approaches. It’s time to move to unified, intelligent and automated defences tailored to the reality of the decentralised world.”
A key finding of the report is that the adoption of new cloud technologies is outpacing the security preparations of many organisations. Already, 62 percent of respondents have implemented cloud edge technologies, 57 percent use hybrid clouds, and 51 percent rely on multi-cloud environments. Traditional perimeter security models are no longer sufficient for these fragmented, dynamic infrastructures. The attack surface grows with every new platform, every new vendor, and every expansion of the system landscape.
The speed with which security incidents are detected and resolved is particularly critical. While attackers often strike within minutes, the report says that companies frequently need more than 24 hours to resolve incidents – 62 percent of the organisations surveyed said they exceed this timeframe. This gives attackers ample opportunity to move around the environment and expand their access rights. This is underscored by another alarming finding: only 17 percent of companies have full visibility into lateral movements – i.e., east-west traffic within their cloud environments. Once attackers have breached the outer wall of protection, they can move around inside largely undetected.
Another serious problem is alert fatigue. Many companies struggle with a flood of security alerts caused by a large number of parallel tools. 71 percent of respondents use more than ten different cloud security products, and 16 percent use more than fifty. This tool fragmentation leads to an enormous amount of analysis work. More than half of companies receive around 500 security alerts every day. As a result, response times are getting longer, prioritisation is difficult and analysts are coming under increasing pressure.
In addition, many organisations continue to rely on outdated technologies for application security. 61 per cent rely on classic, signature-based web application firewalls (WAFs), even though these are hardly effective against modern, AI-powered threats. The threat potential posed by artificial intelligence has long been recognised: 68 percent of the companies surveyed see AI as a priority component of their cyber defence strategy. Nevertheless, only 25 percent feel adequately prepared to deal effectively with AI-driven attacks. This discrepancy reveals a dangerous skills gap that companies urgently need to close.
Another particularly worrying aspect is how security incidents are detected in the first place. According to the report, only 35 per cent of cloud incidents were identified by security monitoring tools. The majority were discovered by employees, during internal audits or through external reports. This raises questions about the effectiveness and integration of existing security platforms and shows that automated real-time detection often does not work.
In addition to technological weaknesses, the report also identifies internal challenges as a cause of security deficits. 54 percent of companies cite the rapid pace of technological change as a key obstacle, while 49 percent complain about a lack of qualified security experts. Added to this are problems such as tool fragmentation and inadequate integration of security solutions, which 40 percent of respondents cite as further hurdles. These factors further delay response times in the event of an incident – and make it easier for attackers.
Check Point sees the solution in a new approach to cloud security. The report recommends a paradigm shift towards decentralised, preventive strategies that focus on consolidation, automation and AI-based detection. Companies should consolidate their tool landscape, evaluate telemetry data in real time and create complete transparency across all cloud layers – from the edge to hybrid systems to multi-cloud architecture. With the Check Point CloudGuard and Check Point Infinity platforms, the company aims to address precisely these requirements. Both solutions enable unified security policy management, automated incident response and end-to-end visibility, regardless of cloud platform or provider.
Deryck Mitchelson, Global CISO at Check Point, warns: “Cloud transformation is happening faster than our security measures. With attackers striking within minutes and defenders taking days to respond, the gap between detection and remediation is becoming a danger zone. CISOs must consolidate fragmented tools into unified platforms, gain visibility into lateral movements, and prepare their teams and technologies to defend against AI-driven threats, or risk losing control of the cloud to increasingly sophisticated adversaries.”
The message of the Cloud Security Report 2025 is clear: those who continue to view cloud security as mere infrastructure protection risk losing core business assets – time, trust and flexibility. It is high time to understand cloud security as a business-critical enabler and address it with holistic, intelligent solutions.
