Despite increase in cybersecurity spend, organizations worldwide are struggling to keep their cloud environments secure. The complexity of modern infrastructures is growing faster than the resilience of security teams. These are the findings of Fortinet’s 2026 State of Cloud Security Report.
The extensive research, conducted by Cybersecurity Insiders among more than global 1,100+ cybersecurity leaders, paints a worrying picture. While companies are investing more in security, the maturity and effectiveness of cyber defenses are not keeping pace with the many new use cases that today often include an AI element.
The report highlights a critical gap between the hypergrowth of the cloud and the ability of teams to protect it.
Fortinet’s deep analysis of the survey data suggests that three reinforcing factors have created the complexity gap. These factors are:
- Fragmented defenses
Security solutions are expanding as cloud adoption continues to grow, but frequently without coordination. This results in disconnected tools, inconsistent controls, and limited end-to-end visibility. Cybersecurity teams are forced to manually correlate alerts from multiple systems that were not designed to work together, even though almost 70% of organizations say tool sprawl and visibility gaps are the top hindrances to an effective cloud security solution. - Stretched-thin teams
On top of systems that don’t work well together, organizations are struggling with a skills gap and the inability to hire enough competent cybersecurity professionals. This gap-within-the-gap leaves cybersecurity teams worldwide stretched thin, leading to slow responses and missed alerts or important signals. Seventy-four percent of those surveyed report an active shortage of qualified cybersecurity professionals, while 59% remain in the early stages of cloud security maturity. - Threats operating at machine speed
Threat actors are employing automation and AI to uncover misconfigurations, map permission paths, and identify exposed data faster than human-led defenses can respond. As the time between vulnerability and attack narrows, 66% of cybersecurity experts surveyed say they lack strong confidence in their ability to detect and respond to cloud threats in real time.
Cloud environments are inherently complex—even when built on a single provider—due to distributed architectures, dynamic identities, rapidly expanding services, and complex data flows. For many enterprises, this complexity is compounded by hybrid and multi-cloud deployments that include multiple public clouds, on-premises infrastructure, Software-as-a-Service (SaaS) applications, and distributed users and devices.
Fortinet survey shows that 88% of organizations now operate in hybrid or multi-cloud environments, up from 82% last year. Among them, 81% rely on two or more cloud providers to run critical workloads (up from 78% last year), and 29% report using more than three.
The surveyed experts’ conclusion indicates a clear shift away from function-specific point tools managed in isolation toward unified security ecosystems.
If they were starting from scratch now, 64% of respondents said they would design their cybersecurity strategy with a single-vendor platform that unites network, cloud, and application security.
Security teams want to eliminate time-consuming integration work and crave solutions that share information and implement security policies in a coordinated manner.
It is against the backdrop of the rise of AI strategies in businesses, a secure, consolidated foundation is no longer a luxury but a vital imperative for business continuity.
