Cloud breaches are surging, but enterprises aren’t quick enough to react

Cloud breaches are going undetected for hours or days, according to new research, with security workers pinning blunders on ‘alert fatigue’, fragmented tools, and clunky legacy applications.
While nearly two-thirds of organizations suffered a cloud security incident in the past year, only 9% were detected within the first hour, according to Check Point’s 2025 Cloud Security Report.
Notably, researchers found just 6% of incidents were remediated within the first hour, with 62% of enterprises taking more than 24 hours to fully recover.
Paul Barbosa, Check Point’s VP of cloud security, said the statistics paint a concerning picture for enterprises dealing with cloud security incidents. Speed and efficiency, he noted, are key factors in preventing long-lasting damage.
“This is an obvious area of concern as any delay opens a window of vulnerability during which attackers can move laterally, exfiltrate data, or cause operational disruption,” Barbosa commented.
“The longer an incident takes to be detected and addressed, the greater the likelihood of escalation.”
When incidents are detected, two-thirds of the time it’s through end users, third parties or during audits, rather than through security tools.
What’s behind the rise in cloud breaches?
The biggest problems identified by Check Point include ‘alert fatigue’, which occurs when security practitioners are bombarded by an overwhelming volume of cybersecurity alerts. This information overload impacts their ability to effectively respond to genuine threats.
It’s an issue that’s been highlighted repeatedly by industry experts in recent years, largely due to the growing number of security tools and solutions used by organizations in daily activities.
Indeed, ‘tool sprawl’ was also highlighted by Check Point as a key factor in the sluggish response times outlined in its report. More than seven-in-ten organizations now operate with more than 10 separate cloud security tools, while almost half receive more than 500 alerts per day, many of which may be false positives.
Fundamentally, cloud growth is outpacing security readiness, Check Point noted. In the past year alone, 62% of organizations have expanded cloud edge technologies like secure access service edge (SASE), 57% have increased their hybrid cloud footprint, and 51% adopted multi-cloud strategies.
“This acceleration, while strategic, is fragmenting environments and straining legacy perimeter-based defenses — many of which were never designed to operate at this scale or complexity,” Barbosa said.
Confidence in AI security is also shaky
Unsurprisingly, AI is an important issue for security leaders, with Check Point revealing that nearly seven-in-ten organizations consider AI a strategic priority.
Confidence in defending against AI-powered threats is alarmingly low, however, with only a quarter of respondents saying they feel prepared to handle machine-driven attacks like automated evasion or malware generation.
Meanwhile, application-layer security is lagging behind, with six-in-ten organizations still relying on signature-based web application firewalls (WAFs) as their primary line of defense.
“As evasive app-layer threats and API attacks grow more sophisticated, legacy tools offer limited protection — and adoption of AI/ML-based detection remains inconsistent,” said Barbosa.
“There exists a clear need across organizations to modernize the application layer to strengthen overall cloud security posture.”
What can organizations do?
Check Point outlined a number of areas that enterprise security leaders should prioritize in the year ahead, including exploring the potential for automated, AI-based threat detection.
Similarly, they should invest in a unified, intelligent architecture that consolidates enforcement across layers and environments, without relying on many disconnected point products or siloed teams.
Naturally, reducing the volume of alerts security practitioners contend with on a daily basis is also a key priority, enabling cyber pros to focus on legitimate threats.
Doing so, the security firm noted, will also improve the efficiency of security operations and deliver long-term benefits.