Check Point Software Technologies Ltd. has published its 2025 Cloud Security Report, drawing insights from a global survey of over 900 CISOs and IT leaders. The report uncovers critical vulnerabilities such as alert fatigue, disjointed security tools, and limited capabilities to detect lateral movement or counter AI-powered threats—leaving many organizations at significant risk. It also outlines practical strategies to help bridge the gap between rapid cloud adoption and effective cyber resilience.
As hybrid, multi-cloud, and edge architectures expand, many organizations are relying on outdated security models that can’t keep up. According to the 2025 Cloud Security report, 65% of organizations experienced a cloud-related security incident in the past year- up from 61% the previous year. Alarmingly, only 9% detected the incident within the first hour, and a mere 6% managed to remediate it within that time frame, allowing intruders to remain undetected across cloud environments.
“Security teams are chasing an ever-moving target,” said Paul Barbosa, VP of Cloud Security at Check Point Software Technologies. “As cloud environments grow more complex and AI-driven threats evolve, organizations can’t afford to be stuck with fragmented tools and legacy approaches. It’s time to shift toward unified, intelligent, and automated defenses designed for the realities of today’s decentralized world.”
Key findings from the 2025 Cloud Security Report include:
- Cloud Adoption Outpaces Security Readiness: 62% of organizations have adopted cloud edge technologies, 57% use hybrid cloud, and 51% operate in multi-cloud environments. Legacy, perimeter-based defenses can’t keep up with these distributed infrastructures
- Detection and Remediation Are Too Slow: Only 9% of organizations detected an incident within the first hour. Meanwhile, 62% took more than 24 hours to remediate breaches—giving attackers ample time to escalate access
- Tool Sprawl is Fueling Alert Fatigue: A significant 71% of respondents rely on over 10 different cloud security tools, while 16% utilize more than 50. More than half of them face nearly 500 alerts daily hindering response times and overwhelming analysts
- Application Security Lags Behind: 61% still rely on outdated, signature-based Web Application Firewalls (WAFs), which are increasingly ineffective against sophisticated, AI-enhanced threats
- AI is a Priority — but Defenders Aren’t Ready: While 68% list AI as a top priority for cyber defense, only 25% feel prepared to counter AI-driven attacks, highlighting a critical capability gap.
- Lateral Movement Remains a Blind Spot: Only 17% of organizations have full visibility into east-west cloud traffic. Once attackers breach the perimeter, they can move undetected within cloud environments
- Detection Often Comes from People, Not Tools: Only 35% of cloud incidents were detected via security monitoring platforms. The majority were identified through employees, audits, or external reports—revealing alarming gaps in real-time threat detection
- Internal Challenges Undermine Progress: 54% cite the pace of technological change as a major hurdle, while 49% face a shortage of skilled security professionals. Tool fragmentation and poor platform integration (40%) further slow response times and exacerbate blind spots
To close these gaps, Check Point recommends a shift toward decentralized, prevention-first cloud security strategies. The report advises organizations to consolidate their toolsets, adopt AI-powered threat detection, and deploy real-time telemetry to gain full visibility across edge, hybrid, and multi-cloud environments. By leveraging Check Point CloudGuard and the Check Point Infinity Platform, organizations can unify their cloud defenses, automate incident response, and ensure consistent policy enforcement—regardless of platform or provider.
Deryck Mitchelson, Global CISO at Check Point Software Technologies provides guidance within the 2025 cloud security report and emphasizes that, “cloud transformation is accelerating faster than our defenses. With attackers moving in minutes and defenders responding in days, the gap between detection and remediation is becoming a danger zone. CISOs must consolidate fragmented tools into unified platforms, gain visibility into lateral movement, and prepare their teams and technologies to counter AI-driven threats, or risk ceding control of the cloud to increasingly sophisticated adversaries.”
To access the full 2025 Cloud Security report and receive actionable CISO advice for safeguarding against the cloud-related issues discussed, visit the website here.
Related News:
Quantum Force Branch Gateways Launch with 4x AI Threat Prevention
Check Point Unveils AI Security Report at the RSA Conference
About the Survey:
The 2025 Cloud Security Report, carried out by Cybersecurity Insiders in the beginning of 2025, gathered insights from 937 cyber security professionals across North America, Europe, Asia-Pacific, and other regions. Respondents included CISOs, cloud architects, security analysts, and IT leaders responsible for securing hybrid, multi-cloud, and SaaS environments. The study focused on how businesses using cloud services tackle security issues and highlight advancements, like artificial intelligence, emphasizing the complexity of modern cloud security.
