A new report, based on a survey of nearly 1,200 global cybersecurity leaders, exposes a critical complexity gap — a structural mismatch where rapid, AI-driven cloud adoption is outstripping security teams’ ability to maintain effective protection.
The study from Fortinet finds that 66 percent of organizations lack strong confidence in their ability to detect and respond to cloud threats in real time as threat actors leverage automation faster than human defenses can counter.
Nearly 70 percent of organizations cite tool sprawl and visibility gaps as the top barriers to effective cloud security, forcing teams to manually correlate alerts from disconnected systems not designed to work together.
In addition 74 percent report an active shortage of qualified cybersecurity professionals, while 59 percent remain in early stages of cloud security maturity, leaving teams dangerously stretched thin. 88 percent now operate hybrid/multi-cloud environments (up from 82 percent in 2025), with 81 percent relying on multiple providers for critical workloads, exponentially increasing attack surfaces. 64 percent would now choose a single-vendor security platform over point solutions if starting fresh, seeking unified ecosystems to reduce operational friction while strengthening protection.
Ram Varadarajan, CEO at Acalvio, says of the findings:
Fortinet’s 2026 findings confirm that the cloud ‘complexity gap’ has become a systemic risk, with AI-driven expansion now outpacing the ability of traditional, human-dependent defenses to respond in real-time. Defenders are expending finite resources against adversaries whose AI automation is driving attack costs toward zero, a gap that’s not going to be closed by adding more disconnected defensive security tools.
Clouds are going to continue to sprawl — that’s a reality. To be able to scale with the attackers, AI-first cloud security has to shift from reactive blocking to AI-driven preemptive defense; it’s bot-on-bot violence. We believe the key to scaling defense on the cloud will be to use an AI-driven, real-time deception fabric to target the known cognitive and computational limits of attacker AI, imposing asymmetric conditions of compounding uncertainty and computational exhaustion.
If they were starting from scratch now, 64 percent of respondents say they would design their cybersecurity strategy with a single-vendor platform that unites network, cloud, and application security. They want fewer platforms and ones that can be integrated with shared data models and coordinated enforcement.
Writing on the company’s blog Vincent Hwant, Fortinet’s director of products and solutions, says, “The data in this report paint a clear picture: For organizations to have the most effective cloud security, they must focus on addressing key current issues, including hypergrowth, fragmentation, a limited number of employees with cybersecurity expertise, and AI-driven threats. For organizations pursuing AI strategies, this becomes even more important to ensure a secure foundation and operational practice on which their AI futures should be built.”
You can read more and get the full report on the Fortinet blog.
Image credit: exploderasi/depositphotos.com
