The findings indicate significant improvements in detection capabilities; 74% of organizations report they can identify and contain cloud-based attacks within a 24-hour timeframe. However, the speed of resolution lags considerably. One in three organizations requires more than a day to fully close an incident, and a concerning 9% report taking between a week and a month to resolve breaches. This delay has serious implications for cybersecurity resilience across the industry.
A significant impediment to quick and effective response times is operational fragmentation. Half of the respondents stated that about 50% of analysts’ time is dedicated to correlating data rather than directly addressing threats. For 20% of analysts, this workload is even more pronounced, consuming up to 80% of their available time. The disconnect among cloud, application, and Security Operations Center (SOC) tools complicates the analysts’ ability to form a cohesive picture of ongoing attacks.
Among the report’s key findings is the alarming speed with which attackers now operate; breaches that took an average of 44 days to materialize in 2021 can now occur in a mere 25 minutes, largely due to AI-assisted attack techniques. While detection has improved, the fact that one in three organizations still takes over a day to resolve incidents highlights the pressing need for enhanced incident response mechanisms.
The report further points out that cloud maturity does not correlate with reduced risk. Organizations that have been leveraging cloud resources for over five years report higher instances of SaaS misuse at 66% and misconfigured public access at 32%. These organizations are also more vulnerable to subtler forms of risk, including continuous oversharing between tenants and token abuse in automation.
Moreover, incidents are increasingly complex and interconnected. The report reveals that 70% of incidents now affect three or more attack surfaces, underscoring the critical importance of unified investigation and response strategies across cloud, network, endpoint, and identity layers. This complexity poses an additional challenge as defenders seek to counteract multifaceted attacks.
In terms of high-risk vulnerabilities, the report notes that 20% of organizations acknowledge that more than a quarter of their high or critical security issues remain unresolved in production for over 30 days. As attackers measure success in minutes, this delay can leave organizations dangerously exposed.
APIs and identity exposure are identified as primary drivers of contemporary breaches. The report indicates that API attacks saw a significant year-over-year increase of 41%. Overly permissive identity settings and compromised tokens are facilitating lateral movement and data exfiltration at unprecedented scales.
Drawing on insights from a global survey of more than 2,800 security and technology leaders across ten countries, including the U.S., the report emphasizes a pivotal moment for organizations. As cloud environments become increasingly complex and attack surfaces expand, operational fragmentation emerges as a critical bottleneck, inhibiting timely decision-making and remediation efforts. The gap between the speed of attackers and the capability of defenders continues to widen, posing significant risks for businesses navigating the evolving landscape of cybersecurity threats.