Nearly half (44%) of CISOs believe cloud providers overpromised the security protection they would receive according to a new survey by Arctic Wolf
18 March 2025, London: Arctic Wolf, a global leader in security operations and a cybersecurity provider for AWS customers, found that security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider. This is being driven by the fact that 24% don’t believe their cloud environment is secure, and 43% think cloud service providers overpromised the security protection they would receive. The new business survey commissioned by Arctic Wolf looked at CISOs’ security challenges on the cloud, and explored ways in which organisations can improve their security posture with managed service providers (MSPs).
High security standards are essential
Cloud providers have become increasingly critical to firms, with the technology enabling workers to access files and services from any location. This has resulted in 73% of CISOs working with between 2 and 5 cloud service providers to support all the needs of their company’s workforce. However, this vastly expanded threat surface, combined with a lack of in-house skills to secure it, means 53% of CISOs rely on a security-first mindset from their cloud providers.
Unfortunately, this has resulted in some cloud providers overinflating their security offering, leaving organisations exposed to cyber risks. As a result, CISOs are having to be much more careful about the provider they choose to partner with, with 52% stating they would avoid cloud providers based on previous security incidents.
You wouldn’t hire a lawyer to build a house
With 44% of businesses already spending between £101,000 and £250,000 on cloud migrations in the past 12 months there is a clear need for organisations to ensure they are working with trusted partners who can meet this security need. Otherwise, companies will run the risk of having to spend more to not only move to new suppliers but also respond to the cost of a data breach.
The cost and resources needed for organisations to boost their own security skills and technology is often too prohibitive. For example, KPMG estimates the annual budget for a security operations centre (SOC) is $14.6 million, which far outstrips many companies annual budget, let alone their IT spend. Addressing this issue requires businesses to partner with outside experts who can work as an extension to IT teams. This reduces the pressure on the company and enables organisations to access skills and technology which would be beyond their own budget. For instance, 37% of CISOs who use a channel partner in a cloud migration saw an increase in security and risk management services, and 30% gained access to advanced technology like AI.
It takes a village to achieve good cybersecurity
Not only do channel partners and MSPs help boost security, they can also provide stability to the perilous role of a CISO, with 92% stating it helps protect their jobs by sharing responsibility in case there is a cyber-attack. CISOs who work with partners like Arctic Wolf acting as an extension of their own team can use them to help inform response strategies, where they need to improve security in the future, cover skills gaps within their own team, and give them more insight into how they were targeted. All of which helps show other C-suite executives what they should focus on and help them understand the more technical aspects of cybersecurity.
However, despite the clear advantages to security and job stability, only 22% of CISOs use a channel partner in their cloud migration process. This is leaving many exposed to unnecessary risk from attacks or job loss.
Clare Loveridge, VP and General Manager EMEA at Arctic Wolf said, “It is clear that many organisations are struggling when it comes to securing cloud environments. A combination of underdelivering cloud providers and a lack of in-house skills is resulting in a dangerous situation which can leave valuable company data exposed to risk. Simply adding more technology will not solve this problem.
“Securing the cloud is a shared responsibility between the cloud provider and the organisation. While cloud providers offer good security tools it is important that you have a team of security experts to help you run the operation. Someone needs to be always on the lookout for emerging threats and be ready to respond in real time. This is why organisations can really benefit by partnering with a MSP to ensure they have the most up-to-date protection, and the relevant skills required to combat bad actors in this evolving threat landscape. Partnerships like this give customers the peace of mind, knowing that they make the most of their cloud environments safe in the knowledge they are protected.”
For more information on how Arctic Wolf and AWS can help secure your cloud infrastructure click here.
–ENDS—
About Arctic Wolf
Arctic Wolf® is a global leader in security operations, enabling customers to manage their cyber risk in the face of modern cyber-attacks via a premier cloud-native security operations platform. The Arctic Wolf Aurora Platform ingests and analyzes more than eight trillion security events a week to help enable cyber defense at an unprecedented capacity and scale, empowering customers of virtually any size across a wide range of industries to feel confident in their security posture, readiness, and long-term resilience. By delivering automated threat protection, response, and remediation capabilities, Arctic Wolf delivers world-class security operations with the push of a button so customers can defend their greatest assets at the speed of data.
Research methodology
The survey conducted by 3Gem polled 250 CIOs, CISOs and senior decision makers with responsibility in cybersecurity at UK companies of all sizes between 20th and 31st December 2024.
Press Contact
Brands2Life
+44 (0)20 7592 1200
Arcticwolf@brands2life.com
© 2025 Arctic Wolf Networks, Inc., All Rights Reserved. Arctic Wolf, Aurora, Alpha AI, Arctic Wolf Security Operations Cloud, Arctic Wolf Managed Detection and Response, Arctic Wolf Managed Risk, Arctic Wolf Managed Security Awareness, Arctic Wolf Incident Response, and Arctic Wolf Concierge Security Team are either trademarks or registered trademarks of Arctic Wolf Networks, Inc. or Arctic Wolf Networks Canada, Inc. and any subsidiaries in Canada, the United States, and/or other countries.
