Cloud breaches are going undetected for hours or days, according to new research, with security workers pinning blunders on ‘alert fatigue’, fragmented tools, and clunky legacy applications.
While nearly two-thirds of organizations suffered a cloud security incident in the past year, only 9% were detected within the first hour, according to Check Point’s 2025 Cloud Security Report.
Notably, researchers found just 6% of incidents were remediated within the first hour, with 62% of enterprises taking more than 24 hours to fully recover.
Paul Barbosa, Check Point's VP of cloud security, said the statistics paint a concerning picture for enterprises dealing with cloud security incidents. Speed and efficiency, he noted, are key factors in preventing long lasting damage.
"This is an obvious area of concern as any delay opens a window of vulnerability during which attackers can move laterally, exfiltrate data, or cause operational disruption," Barbosa commented.
"The longer an incident takes to be detected and addressed, the greater the likelihood of escalation."
When incidents are detected, two-thirds of the time it's through end users, third parties or during audits, rather than through security tools.
What’s behind the rise in cloud breaches?
The biggest problems identified by Check Point include ‘alert fatigue’, which occurs when security practitioners are bombarded by an overwhelming volume of cybersecurity alerts. This information overload impacts their ability to effectively respond to genuine threats.
It’s an issue that’s been highlighted repeatedly by industry experts in recent years, largely due to the growing number of security tools and solutions used by organizations in daily activities.
Indeed, ‘tool sprawl’ was also highlighted by Check Point as a key factor in the sluggish response times outlined in its report. More than seven-in-ten organizations now operate with more than 10 separate cloud security tools, while almost half receive more than 500 alerts per day, many of which may be false positives.
Fundamentally, cloud growth is outpacing security readiness, Check Point noted. In the past year alone, 62% of organizations have expanded cloud edge technologies like secure access service edge (SASE), 57% have increased their hybrid cloud footprint, and 51% adopted multi-cloud strategies.
"This acceleration, while strategic, is fragmenting environments and straining legacy perimeter-based defenses — many of which were never designed to operate at this scale or complexity," Barbosa said.
Confidence in AI security is also shaky
Unsurprisingly, AI is an important issue for security leaders, with Check Point revealing that nearly seven-in-ten organizations consider AI a strategic priority.
Confidence in defending against AI-powered threats is alarmingly low, however, with only a quarter of respondents saying they feel prepared to handle machine-driven attacks like automated evasion or malware generation.
Meanwhile, application-layer security is lagging behind, with six-in-ten organizations still relying on signature-based web application firewalls (WAFs) as their primary line of defense.
"As evasive app-layer threats and API attacks grow more sophisticated, legacy tools offer limited protection — and adoption of AI/ML-based detection remains inconsistent," said Barbosa.
"There exists a clear need across organizations to modernize the application layer to strengthen overall cloud security posture."
What can organizations do?
Check Point outlined a number of areas that enterprise security leaders should prioritize in the year ahead, including exploring the potential for automated, AI-based threat detection.
Similarly, they should invest in a unified, intelligent architecture that consolidates enforcement across layers and environments, without relying on many disconnected point products or siloed teams.
Naturally, reducing the volume of alerts security practitioners contend with on a daily basis is also a key priority, enabling cyber pros to focus on legitimate threats.
In doing so, the security firm noted this will optimize efficiency in security center operations and deliver long-term benefits.
MORE FROM ITPRO
-
Alphabet commits $85bn to cloud spend to meet demandNews Google tops up AI and cloud infrastructure spending amid AI boom and positive results
-
SharePoint flaw: Microsoft says hackers deploying ransomwareNews Fallout from the serious zero-day SharePoint vulnerability continues with Microsoft warning about ransomware attacks
-
SaaS security is now a major blind spot for enterprisesNews Rising SaaS security threats are being overlooked, new research shows
-
Gestion du cloud avancée : Qu'est-ce que StreamOne® et comment la plateforme peut-elle représenter un avantage pour votre entreprise, aujourd'hui et dans le futur?Sponsored Ne vous contentez pas d'acheter le cloud, maîtrisez-le. La plateforme StreamOne® de TD SYNNEX offre une puissante approche écosystème de la gestion avancée du cloud, dépassant largement les limites d'une marketplace classique...
-
Hybrid cloud has hit the mainstream – but firms are still confused about costsNews How do you know if it's a good investment if you don't have full spending visibility?
-
Turns out OpenAI is the customer behind Oracle's mysterious $30 billion cloud dealNews OpenAI has emerged as the company behind a $30 billion cloud deal with Oracle following several days of speculation.
-
Alibaba targets European cloud gains with new AI strategyNews Alibaba Cloud has launched a new suite of AI solutions as part of a strategy to foster closer ties with European enterprises.
-
Global cloud spending might be booming, but AWS is trailing Microsoft and Google
News AWS might be the industry leader by market share, but sluggish growth in Q1 was eclipsed by Microsoft and Google
-
Crayon targets mid-market gains with expanded Google Cloud partnershipNews The collaboration will enable mid-market channel partners to deliver Google Cloud’s AI technologies and cloud solutions
-
AI security and compliance concerns are driving a private cloud boomNews A new survey suggests AI workloads may be a serious motivation behind moving back to private cloud and on-premise infrastructure
