Introduction
As hybrid cloud infrastructures continue to evolve, they are increasingly subject to AI-driven risks, complex data environments, and growing cyberthreats. Our recent 2025 Hybrid Cloud Security Survey underscores the rising pressure faced by organisations worldwide as AI technologies disrupt traditional security frameworks. With a 17 percent year-on-year rise in breach rates across Australia, these growing threats are making security a critical priority for organisations. The escalating complexities are mirrored by an increased focus on regulatory compliance. The Australian Prudential Regulation Authority’s (APRA) CPS 230 and CPS 234 are shaping how finance, banking and insurance organisations must navigate the hybrid cloud security landscape, and they significantly increase the accountability of organisations as well as individuals for keeping data secure, manageable and visible.
The survey highlights how AI’s increasing presence within hybrid cloud infrastructures is amplifying security risks. As organisations scale their operations and deploy AI workloads, they face surging network data volumes, with one in three organisations reporting that network data volumes had more than doubled in the past two years. Alongside this growth, AI-driven threats have skyrocketed. The survey found that Australia reported the highest increase in AI-powered attacks, with 63% of respondents reporting an increase in ransomware attacks, and 56% reporting an increase in LLM attacks.
The complexities of managing hybrid cloud infrastructures are compounded by fragmented tools and limited visibility. Nearly half (47%) of the survey respondents indicated that the inability to gain comprehensive insight into their network, particularly into lateral movement within cloud environments, was forcing them to make compromises in securing their infrastructure. This lack of visibility makes it very difficult to detect and respond to threats in real time, leaving organisations vulnerable to evolving attack strategies.
While organisations struggle with these growing risks, the Australian regulatory environment is simultaneously tightening, forcing companies to adapt not only to emerging cyber threats but also to increasingly stringent compliance requirements.
APRA’s CPS 230 and CPS 234: A Regulatory Framework for Resilience
In response to the growing risks surrounding hybrid cloud infrastructures and AI-driven cyber threats, the Australian Prudential Regulation Authority (APRA) has introduced two critical pieces of regulation: CPS 230 and CPS 234. These regulations are designed to help financial institutions and regulated entities better manage their cybersecurity risks, particularly as they relate to cloud and AI technologies.
CPS 230, effective since mid-2023, mandates that financial institutions adopt comprehensive operational resilience programs. These programs must ensure that institutions can withstand and recover quickly from cyberattacks, including those targeting cloud-based infrastructures and AI workloads. With AI-powered adversaries gaining ground, CPS 230 requires organisations to address the operational challenges associated with hybrid cloud security, ensuring that security systems can scale and adapt as the risk landscape becomes more dynamic.
Coming into play on July 1st 2025, CPS 234 now places a significant emphasis on third-party risk management, particularly with regard to cloud service providers. Under CPS 234, financial institutions must ensure that their third-party vendors meet stringent cybersecurity requirements. This includes ensuring that cloud service providers maintain the same levels of security as the organisations themselves. With 70 percent of organisations in the Hybrid Cloud Security survey now viewing the public cloud as a greater security risk than ever before, this regulatory focus comes at a critical time, urging organisations to rethink their reliance on public cloud environments and to implement tighter controls on their cloud services and vendors.
Both regulations highlight the importance of visibility and transparency in cybersecurity. They call for continuous monitoring of networks, infrastructure, and data flows, all of which can be enhanced by adopting a deep observability approach, one that many organisations are increasingly relying on to secure hybrid cloud environments. The research finds that 89 percent of security leaders view deep observability as crucial for securing their hybrid cloud infrastructure, particularly in the face of AI-driven threats.
Deep Observability: The Key to Regulatory Compliance and Security
The need for complete visibility is a recurring theme in both the Gigamon survey and APRA’s regulatory frameworks. Organisations that struggle with fragmented or siloed security tools are at a distinct disadvantage, unable to monitor or secure their hybrid cloud environments effectively. This lack of visibility is also a significant concern for APRA, as CPS 230 and CPS 234 both require regulated entities to ensure they have full transparency into their digital operations, including third-party service providers.
Deep observability, which combines network telemetry (including metadata, network packets, and flow data) with log data to offer a comprehensive view of all data in motion, has emerged as a strategic imperative for hybrid cloud security. This approach enables security teams to detect potential breaches in real time, respond proactively, and minimise the impact of emerging threats. For organisations striving to comply with APRA’s cybersecurity standards, achieving deep observability is not only a best practice but a regulatory necessity.
With 64 percent of organisations stating that real-time threat monitoring is their top priority for the next 12 months, it is clear that companies are starting to prioritise the tools and strategies that will allow them to gain the visibility needed to meet these evolving standards.
Balancing AI Innovation and Regulatory Compliance
As organisations continue to explore the potential of AI to drive business innovation, they must balance this enthusiasm with a cautious approach to security. APRA’s CPS 230 and CPS 234 provide a framework that not only addresses the growing threat landscape but also ensures that organisations are better prepared to respond to the challenges posed by AI and hybrid cloud environments. For financial institutions and regulated entities, this means embracing tools like deep observability to ensure their hybrid cloud infrastructures are secure and resilient against the growing threat of AI-driven risks, and fully compliant with regulatory standards.