As enterprises race toward an AI-powered future, a new global study warns that cloud security is struggling to keep up.
The 2026 State of Cloud Security Report reveals a widening “complexity gap,” where the rapid expansion of hybrid, multi-cloud and AI-driven environments is outpacing organizations’ ability to maintain visibility, detection and response.
Sponsored by Fortinet and produced by Cybersecurity Insiders, the report is based on a survey of 1,163 senior cybersecurity leaders and professionals worldwide. Its findings point to a structural mismatch between the velocity of cloud innovation and the operational capacity of security teams tasked with defending it.
Structural mismatch widens
According to the study, the growing divide between cloud complexity and resilience is not due to a lack of investment. Cybersecurity budgets are increasing, yet the maturity and effectiveness of defenses are failing to keep pace with new digital use cases, many of which now include AI components.
The result is a security posture that is expanding in cost and scope, but not necessarily in cohesion or performance.
Three drivers of the complexity gap
The report identifies three reinforcing factors behind the widening gap:
Fragmented defenses
As cloud adoption grows, so does the number of security tools. However, these solutions are often deployed without coordination, resulting in disconnected platforms, inconsistent controls and limited end-to-end visibility. Nearly 70 percent of respondents cite tool sprawl and visibility gaps as primary obstacles to effective cloud security. Security teams are left manually correlating alerts across systems not designed to work together.
Stretched-thin teams
Technology fragmentation is compounded by a persistent skills shortage. Seventy-four percent of respondents report an active shortage of qualified cybersecurity professionals, while 59 percent say their organizations remain in the early stages of cloud security maturity. The lack of skilled talent leaves teams overextended, increasing the risk of delayed responses and missed signals.
Threats operating at machine speed
Threat actors are leveraging automation and AI to identify misconfigurations, map permission paths and expose sensitive data faster than human-led defenses can respond. More than 80 percent of respondents admit they lack strong confidence in their ability to detect and respond to cloud threats in real time — a 16-point increase from last year’s survey.
Hybrid and multi-cloud add pressure
Cloud environments are inherently complex, even when built on a single provider. Distributed architectures, dynamic identities and intricate data flows already pose significant management challenges.
That complexity intensifies in hybrid and multi-cloud deployments. The survey shows that 88 percent of organizations now operate hybrid or multi-cloud environments, up from 82 percent last year. Among them, 81 percent rely on two or more cloud providers for critical workloads, and 29 percent use more than three.
Each additional provider, service and user introduces new configurations and data pathways — effectively expanding the attack surface.
From point tools to unified ecosystems
In response, organizations are rethinking their approach to cloud security. The report signals a shift away from isolated, function-specific point tools toward unified security ecosystems.
If starting from scratch, 64 percent of respondents say they would adopt a single-vendor platform integrating network, cloud and application security. Security teams report being overwhelmed by the integration demands of multi-vendor tools and are seeking consolidated platforms with shared data models and coordinated enforcement.
Beyond simplifying operations, consolidation is viewed as a path to stronger protection — improving visibility, accelerating detection and response, and enabling proactive threat exposure management.
A critical foundation for AI growth
For organizations pursuing AI strategies, the stakes are even higher. Hypergrowth, fragmentation, talent shortages and AI-driven threats are converging at a time when digital transformation is accelerating across industries.
Bambi Escalante, Country Manager for the Philippines at Fortinet, said rapid cloud and AI adoption in the country is fueling digital expansion but also increasing operational complexity across hybrid and multi-cloud environments.
“As organizations balance innovation with limited security resources, visibility, automation and integrated security approaches become essential,” she said. “Building strong security foundations is key to reducing complexity, protecting trust and strengthening resilience as the country’s digital economy continues to scale.”
The report underscores a clear message: without structural changes to how cloud security is designed and operated, the complexity gap will continue to widen — and adversaries moving at machine speed will exploit it.
READ MORE TECH NEWS.
