Illumio Inc., the leading provider of breach containment, today released its Global Cloud Detection and Response Report 2025. The report is based on a global survey of 1,150 cybersecurity executives, including 150 from Germany. The results clearly show that lateral movement remains one of the most dangerous and difficult-to-detect tactics used by modern cyber attackers, revealing serious deficiencies in visibility, detection and response.
According to the study, 86% of German organisations surveyed experienced a security incident involving lateral movement last year, with an average of 6.6 hours of downtime per incident. German participants cite a lack of ability to interpret security-relevant data and a lack of correlation between behavioural patterns in cloud and on-premises environments as the biggest challenges in detecting lateral movement. This underscores the high demand for true contextualised observability.
Key findings for Germany:
- Cloud detection and response (CDR) is widespread but hardly satisfactory:
88% of German organisations use CDR tools, but 91% encounter significant challenges. The biggest challenges include a lack of context for meaningful prioritisation of alerts and overload from a flood of alarms – a clear signal for the need for more effective, context-rich CDR solutions.
- Visibility is lacking where it matters most:
83% of respondents say they monitor hybrid communication streams, and 75% monitor east-west traffic. Nevertheless, 38% of network traffic lacks the context needed for informed analysis. This fragmented visibility means that more than half of lateral movements go undetected.
- Alarm fatigue at record levels:
Security teams in Germany receive an average of 2,416 alerts per day – more than in any other country surveyed. 73% of German executives say their teams receive more alerts than they can effectively investigate – the international average is 67%.
- Missed alerts have a measurable impact:
93% of German organisations surveyed have had security incidents attributable to missed or uninvestigated alerts. On average, German organisations take 12.6 hours to detect a problem caused by a missed alert – slightly above the global average of 12.1 hours. Other consequences of missed or uninvestigated alerts include team burnout (26%) and downtime (21%).
- False alarms place a massive strain on security operations:
German security teams spend an average of 13.5 hours per week dealing with false alarms – caused by insufficient network visibility, poorly configured alert tuning and a lack of context. 79% say this impairs their ability to focus on real threats, and 30% report that it has led to delayed or missed responses to attacks – Germany is well above the global average of 21% in this regard.
Outlook: AI and ML as the key to breach containment
Looking ahead to 2026, German security teams are increasingly focusing on AI-based cloud observability, employee training and the zero-trust approach.
The top security priorities for 2026 in Germany are:
- Improving cloud detection and response (37%)
- Expanding AI/ML-supported capabilities (32%)
- Further training and talent acquisition (32%)
- Expanding and strengthening zero trust architecture (30%)
“In today’s dynamic threat landscape, real-time visibility is not a nice-to-have – it is absolutely essential,” explains Andrew Rubin, CEO and founder of Illumio. “In a hybrid network, it is crucial to rely on an AI-powered network security graph and focus on breach containment – that is the only scalable strategy. AI-powered observability must do more than just detect: it must quickly find threats and immediately and effectively prevent them from spreading.”
For more information, including global and regional insights, see the full report or blog.
Research methodology
The study was conducted by Vitreous World on behalf of Illumio between 1 and 13 August 2025. A total of 1,150 IT and cybersecurity decision-makers and key opinion leaders in the US, UK, Germany, France, Australia, Brazil and Japan were surveyed.