Cloud breaches are surging, but enterprises aren’t quick enough to react
The rise in cloud breaches has been attributed to a series of factors


Cloud breaches are going undetected for hours or days, according to new research, with security workers pinning blunders on ‘alert fatigue’, fragmented tools, and clunky legacy applications.
While nearly two-thirds of organizations suffered a cloud security incident in the past year, only 9% were detected within the first hour, according to Check Point’s 2025 Cloud Security Report.
Notably, researchers found just 6% of incidents were remediated within the first hour, with 62% of enterprises taking more than 24 hours to fully recover.
Paul Barbosa, Check Point's VP of cloud security, said the statistics paint a concerning picture for enterprises dealing with cloud security incidents. Speed and efficiency, he noted, are key factors in preventing long-lasting damage.
"This is an obvious area of concern as any delay opens a window of vulnerability during which attackers can move laterally, exfiltrate data, or cause operational disruption," Barbosa commented.
"The longer an incident takes to be detected and addressed, the greater the likelihood of escalation."
When incidents are detected, two-thirds of the time it's through end users, third parties or during audits, rather than through security tools.
What’s behind the rise in cloud breaches?
The biggest problems identified by Check Point include ‘alert fatigue’, which occurs when security practitioners are bombarded by an overwhelming volume of cybersecurity alerts. This information overload impacts their ability to effectively respond to genuine threats.
It’s an issue that’s been highlighted repeatedly by industry experts in recent years, largely due to the growing number of security tools and solutions used by organizations in daily activities.
Indeed, ‘tool sprawl’ was also highlighted by Check Point as a key factor in the sluggish response times outlined in its report. More than seven-in-ten organizations now operate with more than 10 separate cloud security tools, while almost half receive more than 500 alerts per day, many of which may be false positives.
Fundamentally, cloud growth is outpacing security readiness, Check Point noted. In the past year alone, 62% of organizations have expanded cloud edge technologies like secure access service edge (SASE), 57% have increased their hybrid cloud footprint, and 51% adopted multi-cloud strategies.
"This acceleration, while strategic, is fragmenting environments and straining legacy perimeter-based defenses — many of which were never designed to operate at this scale or complexity," Barbosa said.
Confidence in AI security is also shaky
Unsurprisingly, AI is an important issue for security leaders, with Check Point revealing that nearly seven-in-ten organizations consider AI a strategic priority.
Confidence in defending against AI-powered threats is alarmingly low, however, with only a quarter of respondents saying they feel prepared to handle machine-driven attacks like automated evasion or malware generation.
Meanwhile, application-layer security is lagging behind, with six-in-ten organizations still relying on signature-based web application firewalls (WAFs) as their primary line of defense.
"As evasive app-layer threats and API attacks grow more sophisticated, legacy tools offer limited protection — and adoption of AI/ML-based detection remains inconsistent," said Barbosa.
"There exists a clear need across organizations to modernize the application layer to strengthen overall cloud security posture."
What can organizations do?
Check Point outlined a number of areas that enterprise security leaders should prioritize in the year ahead, including exploring the potential for automated, AI-based threat detection.
Similarly, they should invest in a unified, intelligent architecture that consolidates enforcement across layers and environments, without relying on many disconnected point products or siloed teams.
Naturally, reducing the volume of alerts security practitioners contend with on a daily basis is also a key priority, enabling cyber pros to focus on legitimate threats.
The security firm noted that doing so will optimize efficiency in security center operations and deliver long-term benefits.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.