Cloud is a critical component of the modern enterprise and even more so as organizations look to drive their future with AI. While this strategy enables business speed and agility, it has expanded the attack surface faster than traditional security models can protect it.
Based on a comprehensive survey of 1,163 senior cybersecurity leaders and practitioners worldwide, the data reveals a widening cloud complexity gap: a structural mismatch between the velocity of modern cloud environments and security teams’ ability to maintain consistent visibility, detection, and response in real time. This gap is not driven by a lack of investment. Budgets are rising, yet maturity lags. The data suggests the problem is more fundamental, driven by three reinforcing factors:
• Fragmented defenses: As cloud adoption expands, security tooling proliferates alongside it, often without coordination. Disconnected tools, inconsistent controls, and siloed telemetry limit end-to-end visibility and force teams to manually correlate alerts across systems that were never designed to integrate. Consequently, 69% of organizations cite tool sprawl and visibility gaps as their top barrier to effective cloud security, with exposure increasingly emerging across identity, configuration, SaaS, and data domains rather than within any single control.
• Stretched teams: Persistent talent shortages amplify this fragmentation. Overextended teams rely on alert-driven workflows that slow response and increase the likelihood of missed signals. For instance 74% report an active shortage of qualified cybersecurity professionals, and 59% remain in early stages of cloud security maturity.
• Adversaries operating at machine speed: Attackers now use automation and AI to discover misconfigurations, map permission paths, and identify exposed data faster than human-led defenses can respond. As the window between exposure and exploitation compresses, 66% of organizations lack strong confidence in their ability to detect and respond to cloud threats in real time.
The findings increasingly point toward integrated frameworks, interoperable security approaches that consolidate visibility and enable automation grounded in shared context. This approach reduces operational friction and the risk of disruption, data compromise, and regulatory exposure. The remainder of this report explores how organizations are responding to close the cloud complexity gap.
