Cloud environments are evolving faster than many security teams can adapt. As hybrid, multi-cloud, edge, and SaaS adoption accelerates, organizations face fragmented systems, inconsistent controls, and widening attack surfaces. Threat detection is often delayed, tools are overwhelmed, and many defenses have become outdated, all while attackers are scaling and automating attacks.
Check Point commissioned a survey of over 900 CISOs and IT decision-makers in early 2025 to understand how security leaders are responding. The results reveal real challenges – but also opportunities to level up cloud security.
The following are six takeaways from this year’s report, as well as steps organizations can take today to strengthen their cloud security and resilience.
Cloud growth is outpacing security readiness
In the past year alone, 62% of organizations expanded cloud edge technologies like secure access service edge (SASE), 57% increased their hybrid cloud footprint, and 51% adopted multi-cloud strategies.
This acceleration, while strategic, is fragmenting environments and straining legacy perimeter-based defenses — many of which were never designed to operate at this scale or complexity.
Breaches are on the rise and often go undetected
The growing complexity of IT environments is fueling a sharp increase in security incidents.
Sixty-five percent of organizations experienced a cloud-related breach in the past year and the majority were not quickly identified. Only 9% of incidents were detected within the first hour, while 62% took more than 24 hours to remediate.
This is an obvious area of concern as any delay opens a window of vulnerability during which attackers can move laterally, exfiltrate data, or cause operational disruption. The longer an incident takes to be detected and addressed, the greater the likelihood of escalation.
Detection tools are falling short
Despite heavy investments in monitoring tools, many breaches aren’t being caught by the systems designed to detect them – a serious area of concern for cyber leaders.
Only 35% of organizations identified incidents through their security tools. Most detections came from end users, third parties, or during audits, exposing serious gaps in real-time threat visibility and undermining trust in traditional detection strategies.
Alert overload and tool sprawl are delaying response
Security operations centers are stretched thin. Seventy-one percent of organizations now operate with over 10 separate cloud security tools, and almost half receive more than 500 alerts per day, many of which may be false positives.
This tool sprawl and alert fatigue erode response times, overwhelm analysts, and make it increasingly difficult to prioritize risk effectively. Simplifying cloud security can allow for a more focused, priority-driven approach to threat detection and response.
AI is presenting both an opportunity and a threat
It should come as no surprise that AI is top of mind for security leaders. Nearly 7 in 10 organizations consider AI a strategic priority, but confidence in defending against AI-powered threats is alarmingly low.
Only 25% of survey respondents feel prepared to handle machine-driven attacks like automated evasion or malware generation — indicating a critical readiness gap in the face of a rapidly evolving threat landscape.
Application-layer security is lagging behind
The report also highlights a worrying weakness in application-layer security. Six of 10 organizations still rely on signature-based web application firewalls (WAFs) as their primary line of defense. As evasive app-layer threats and API attacks grow more sophisticated, legacy tools offer limited protection — and adoption of AI/ML-based detection remains inconsistent.
There exists a clear need across organizations to modernize the application layer to strengthen overall cloud security posture.
Helping cloud security keep pace with cloud threats
The Check Point Cloud Security Report 2025 shines a light on several significant challenges for cloud security professionals, but one theme rises above the rest: threats are growing and will continue to become more sophisticated with the use of AI, but many organizations still lack the tools, visibility, and automation to stop them.
As businesses continue to prioritize cloud investments, cloud security needs to keep pace to ensure cloud deployments don’t become a weak link in your defense strategy.
Here are three steps organizations can take to strengthen their cloud security:
- Prioritize automated, AI-based prevention and detection.
- Invest in unified, intelligent architecture that consolidates enforcement across layers and environments without relying on many disconnected point products or siloed teams.
- Reduce alerts and optimize SOC efficiency through tool consolidation and a focus on security that detects and prevents threats.
The Check Point advantage
Check Point is committed to helping organizations prevent cyber attacks across their entire IT footprint, including the network, cloud, and distributed workplace. Our hybrid mesh architecture provides a robust defense for total security across your hyperconnected world.
The Check Point Infinity Platform provides a powerful, AI-driven solution that simplifies and strengthens cloud security. By unifying security management across all environments – networks, cloud, endpoints, and more – it allows security professionals to maintain the full visibility and control they need to stop cyber attacks. Threats are detected and prevented faster, reducing complexity and creating efficiencies across your security teams.
Check Point CloudGuard protects hybrid and multi-cloud environments within the Infinity Platform. Cloud Guard prevents more threats to cloud deployments and enables the visibility and control to prioritize risks and identify and fix misconfigurations.
As reliance on the cloud continues to grow, the risks are greater than ever. But with the right strategies and solutions, organizations can become better prepared to detect more cloud security risks and stop threats.
To read the full Cloud Security Report 2025, download the report today.