SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

Cloud security gaps widen as AI threats outpace defences

Yesterday

Check Point has released its 2025 Cloud Security Report, revealing ongoing challenges faced by enterprises in protecting multi-cloud environments against evolving cyber threats.

The report draws on a global survey of more than 900 Chief Information Security Officers (CISOs) and IT leaders, offering detailed insights into cloud security priorities, operational risks, and emerging trends such as generative AI threats and increasing infrastructure complexity.

According to the findings, 65% of surveyed organisations experienced a cloud-related security incident in the past year, an increase from 61% the previous year. Only 9% detected incidents within the first hour, and just 6% were able to remediate breaches in that timeframe, providing cyber attackers with extended access across cloud environments.

Paul Barbosa, Vice President of Cloud Security at Check Point, commented, "Security teams are chasing an ever-moving target. As cloud environments grow more complex and AI-driven threats evolve, organizations can't afford to be stuck with fragmented tools and legacy approaches. It's time to shift toward unified, intelligent, and automated defenses designed for the realities of today's decentralized world."

The report's data indicates that cloud adoption is outpacing organisations' security readiness. While 62% of organisations have embraced cloud edge technologies, 57% deploy hybrid cloud models, and 51% operate in multi-cloud environments, many continue to rely on legacy, perimeter-based defences which prove inadequate for these distributed architectures.

Detection and remediation of security incidents remains a major challenge. Only 9% of organisations identified incidents within the first hour, while 62% required more than 24 hours to remediate breaches, giving attackers opportunities to escalate their access.

The prevalence of tool sprawl is another concern highlighted in the report. A significant 71% of respondents use more than 10 different cloud security tools, with 16% using over 50. As a result, more than half of these organisations contend with nearly 500 alerts daily, which hinders response times and overwhelms security analysts.

When addressing application security, the report finds that 61% of organisations still depend on outdated, signature-based Web Application Firewalls (WAFs). These legacy tools are increasingly ineffective against sophisticated, AI-enhanced cyber threats.

Artificial intelligence is a growing focus for cyber defence, with 68% of respondents ranking AI as a top priority. However, only 25% feel adequately prepared to counter AI-driven attacks, revealing a substantial gap in defensive capabilities.

Lateral movement within cloud environments, a tactic that enables attackers to navigate undetected once inside a network, remains a critical blind spot. Only 17% of organisations report having full visibility into east-west cloud traffic, making it easier for adversaries to avoid detection following an initial breach.

The report also points to shortcomings in threat detection mechanisms. Only 35% of cloud incidents were identified via security monitoring platforms. The majority were discovered by employees, routine audits, or through external reporting, demonstrating limitations in real-time threat detection systems.

Internal organisational challenges further complicate effective cloud security. Over half of respondents (54%) cite the rapid pace of technological change as a major hurdle, and 49% report a shortage of skilled security professionals. Tool fragmentation and inadequate integration (experienced by 40%) also contribute to slower response times and increased risk of undetected incidents.

In response to these ongoing issues, Check Point recommends organisations move toward decentralised, prevention-first cloud security strategies. This approach includes consolidating security toolsets, adopting AI-based threat detection, and deploying real-time telemetry to achieve comprehensive visibility across edge, hybrid, and multi-cloud infrastructures.

By using platforms such as Check Point CloudGuard and the Check Point Infinity Platform, the company suggests that organisations can unify cloud defences, automate incident response processes, and maintain consistent policy enforcement across all environments regardless of the underlying technology or provider.

Deryck Mitchelson, Global CISO at Check Point Software Technologies, provides guidance in the report and emphasises, "cloud transformation is accelerating faster than our defenses. With attackers moving in minutes and defenders responding in days, the gap between detection and remediation is becoming a danger zone. CISOs must consolidate fragmented tools into unified platforms, gain visibility into lateral movement, and prepare their teams and technologies to counter AI-driven threats, or risk ceding control of the cloud to increasingly sophisticated adversaries."

The 2025 Cloud Security Report was prepared by Cybersecurity Insiders, surveying 937 cybersecurity professionals worldwide, including CISOs, cloud architects, security analysts, and IT leaders. The research addresses how businesses securing hybrid, multi-cloud, and SaaS environments are responding to current threats, with particular focus on advancements such as artificial intelligence and the heightened complexity of modern cloud security.
