Cloud breaches are surging, but enterprises aren’t quick enough to react
The rise in cloud breaches has been attributed to a series of factors


Cloud breaches are going undetected for hours or days, according to new research, with security workers pinning blunders on ‘alert fatigue’, fragmented tools, and clunky legacy applications.
While nearly two-thirds of organizations suffered a cloud security incident in the past year, only 9% were detected within the first hour, according to Check Point’s 2025 Cloud Security Report.
Notably, researchers found just 6% of incidents were remediated within the first hour, with 62% of enterprises taking more than 24 hours to fully recover.
Paul Barbosa, Check Point's VP of cloud security, said the statistics paint a concerning picture for enterprises dealing with cloud security incidents. Speed and efficiency, he noted, are key factors in preventing long-lasting damage.
"This is an obvious area of concern as any delay opens a window of vulnerability during which attackers can move laterally, exfiltrate data, or cause operational disruption," Barbosa commented.
"The longer an incident takes to be detected and addressed, the greater the likelihood of escalation."
When incidents are detected, two-thirds of the time it's through end users, third parties or during audits, rather than through security tools.
What’s behind the rise in cloud breaches?
The biggest problems identified by Check Point include ‘alert fatigue’, which occurs when security practitioners are bombarded by an overwhelming volume of cybersecurity alerts. This information overload impacts their ability to effectively respond to genuine threats.
It’s an issue that’s been highlighted repeatedly by industry experts in recent years, largely due to the growing number of security tools and solutions used by organizations in daily activities.
Indeed, ‘tool sprawl’ was also highlighted by Check Point as a key factor in the sluggish response times outlined in its report. More than seven-in-ten organizations now operate with more than 10 separate cloud security tools, while almost half receive more than 500 alerts per day, many of which may be false positives.
Fundamentally, cloud growth is outpacing security readiness, Check Point noted. In the past year alone, 62% of organizations have expanded cloud edge technologies like secure access service edge (SASE), 57% have increased their hybrid cloud footprint, and 51% adopted multi-cloud strategies.
"This acceleration, while strategic, is fragmenting environments and straining legacy perimeter-based defenses — many of which were never designed to operate at this scale or complexity," Barbosa said.
Confidence in AI security is also shaky
Unsurprisingly, AI is an important issue for security leaders, with Check Point revealing that nearly seven-in-ten organizations consider AI a strategic priority.
Confidence in defending against AI-powered threats is alarmingly low, however, with only a quarter of respondents saying they feel prepared to handle machine-driven attacks like automated evasion or malware generation.
Meanwhile, application-layer security is lagging behind, with six-in-ten organizations still relying on signature-based web application firewalls (WAFs) as their primary line of defense.
"As evasive app-layer threats and API attacks grow more sophisticated, legacy tools offer limited protection — and adoption of AI/ML-based detection remains inconsistent," said Barbosa.
"There exists a clear need across organizations to modernize the application layer to strengthen overall cloud security posture."
What can organizations do?
Check Point outlined a number of areas that enterprise security leaders should prioritize in the year ahead, including exploring the potential for automated, AI-based threat detection.
Similarly, they should invest in a unified, intelligent architecture that consolidates enforcement across layers and environments, without relying on many disconnected point products or siloed teams.
Naturally, reducing the volume of alerts security practitioners contend with on a daily basis is also a key priority, enabling cyber pros to focus on legitimate threats.
Doing so, the security firm noted, will optimize efficiency in security center operations and deliver long-term benefits.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.