Abuse of Amazon and Google infrastructure is responsible for more than 15% of attacks, up from 11% in 2024.

90% of security operations leaders say supporting data sources from multi-cloud and hybrid-cloud environments is very or extremely important for their SIEM, highlighting the continued need for data pipeline management.

97% of organizations prioritize consolidating their cloud security footprint due to tool sprawl.

89% of organizations believe that cloud and application security must be fully integrated with the SOC.

28% of organizations reported unrestricted network access between cloud workloads as a growing threat.

As of October 2025, there are over 14,700 Jenkins servers exposed to the internet that remain vulnerable to CVE-2024-23897.

33% of raw CSPM alerts were identity-related, contributing to the operational burden on security teams.

71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.

44% of true-positive security alerts from cloud security tools in Q3 2025 were driven by identity-related weaknesses.

99% of cloud identities were found to be over-privileged, creating significant security risks.

52% of all confirmed identity-based alerts were due to identity-related privilege escalation.

6% of the security staff budget for Fortune 500 organizations with 50+ security FTEs is allocated to Cloud security.

Optimizing cloud security is a top security convergence goal for 36% of US organizations.

36% of respondents in Italy identify optimizing cloud security as a top security convergence goal.

45% of respondents in Japan identify optimizing cloud security as a top security convergence goal.

Optimizing cloud security is a top security convergence goal for 43% of organizations in France.

32% of respondents in Spain identify optimizing cloud security as a top security convergence goal.

Optimizing cloud security is a top security convergence goal for 39% of German organizations.

AI (38%) and Cloud security (32%) are the top two areas where organisations are prioritising the use of managed services

The top three investment priorities when allocating cyber budgets are: Artificial intelligence (AI) (36%), Cloud security (34%), and Network security and zero trust (28%).