Despite years of warnings, organisations are failing to master the fundamentals of cloud security, creating significant cyber exposure gaps. As they overwhelmingly adopt complex cloud and hybrid environments, a critical failure to manage identity-based threats and to bridge the internal expertise gap are among the risks leaving them dangerously exposed to breaches.
These are findings from the State of Cloud and AI Security 2025 report, research commissioned by Tenable and developed in collaboration with the Cloud Security Alliance (CSA). The research surveyed more than 1,000 IT and security professionals worldwide, including in Australia, to understand how organisations are adapting their strategies to manage risk across increasingly multi-layered cloud and AI-driven infrastructures.
The modern IT landscape has become a complex web of infrastructure, with 82% of organisations now operating hybrid environments and 63% using multiple cloud providers. This shift demands unified security visibility and consistent policy enforcement, yet most organisations lack the controls to manage this fragmentation, creating blind spots that attackers can exploit.
This fragmented landscape has made identity the primary battleground for cloud security. While a majority of organisations (59%) correctly identify insecure identities and permissions as their top cloud risk, their actions fail to address the threat. This is proven by breach data, where the leading causes are directly tied to identity failures like excessive permissions (31%), inconsistent access controls (27%), and weak identity hygiene (27%). This points not to isolated technical errors, but to a systemic breakdown in how identity is governed across the enterprise.
Progress is being stalled by a persistent and critical lack of expertise, which 34% of organisations cite as their single greatest challenge. This skills gap creates a ripple effect that undermines security from the ground up, leading to unclear strategies (39%) and a dangerous disconnect with leadership. In fact, nearly a third of respondents (31%) believe their own executives lack a sufficient understanding of cloud security risks, hindering the alignment, budget, and resources needed to protect the business.
“Identity has become the cloud’s weakest link, but it’s being managed with inconsistent controls and dangerous permissions,” said Liat Hayun, VP of Product and Research at Tenable. “This isn’t just a technical oversight; it’s a systemic governance failure, compounded by a persistent expertise gap that stalls progress from the server room to the boardroom. Until organisations get back to basics, achieving unified visibility and enforcing rigorous identity governance, they will continue to be outmanoeuvred by attackers.”
More information on Tenable Cloud Security is available at: https://www.tenable.com/cloud-security