Nearly half (44%) of CISOs believe cloud providers overpromised the security protection they would receive according to a new survey by Arctic Wolf.
Cloud security is notoriously difficult, especially in a threat landscape that’s growing more complex every day. Organisations of all sizes, especially smaller and resource-constrained businesses, can struggle to secure their cloud environment due to budget constraints, a lack of expertise, or limited visibility into that environment. These issues are well-documented, but still, security concerns around cloud environments have prompted 44% of chief information security officers (CISOs) to change cloud service providers, according to new research commissioned by Arctic Wolf and Amazon Web Services (AWS).
The survey looked at CISOs’ security challenges in the cloud, and explored ways in which organisations can improve their security posture with managed service providers (MSPs). With cloud migration providing a technology and efficiency advantage over on-premises storage for businesses, it’s not a mystery why the typical modern business now uses public, infrastructure-as-a-service (IaaS) cloud platforms for its major business and organisational functions. But this transition also increases the attack surface for threat actors to target, with 73% of CISOs working with between two and five cloud service providers to support all the needs of their company’s workforce. That’s a lot of ground for a security provider to cover, and it’s not a rare occurrence — the 2024 IBM Cost of a Data Breach Report found 40% of data breaches involved data stored across multiple environments.
With so many organisations relying on multiple cloud service providers to operate their business, funding them and providing ample in-house security for them can prove to be challenging. Cloud can be expensive, with 44% of businesses already spending between £101,000 and £250,000 on cloud migrations in the past 12 months, leading 53% of CISOs to rely on a security-first mindset from their cloud providers rather than staffing their own security. There’s nothing wrong with relying on a trusted security vendor, but even with a vendor, 24% of respondents don’t believe their cloud environment is secure. That isn’t sustainable, especially with ransomware remaining a lucrative industry for threat actors in 2025.
There are paths forward, however, for businesses of all sizes to both migrate to the cloud efficiently and affordably while retaining a strong cybersecurity infrastructure. 37% of CISOs who used a channel partner in their cloud migration journey saw an increase in security and risk management services, while 30% gained access to advanced technology like artificial intelligence (AI). Most importantly for in-house IT leaders, 92% of CISOs said it helps protect their jobs by sharing responsibility in case there is a cyber attack. Most cloud service providers employ a shared responsibility model, in which the degree of responsibility for an organisation depends on the type of services they employ. This model enables a partner like Arctic Wolf to detect and respond to advanced threats that impact cloud-based applications and data hosted in AWS infrastructure, and helps organizations comply with regulatory mandates like PCI, HIPAA, and SOX.
Arctic Wolf Security Teams partner with customer organisations, granting CISOs access to the security expertise they need to inform response strategies, cover skills gaps within their own team, and rapidly detect and respond to threats across on-premises and AWS cloud deployments. This relationship also helps other C-suite executives understand the more technical aspects of their own security posture, improving the resilience of the organization as a whole.
All Arctic Wolf solutions were developed in collaboration with AWS. Our relationship ensures Arctic Wolf technology, processes, and services fully utilize AWS advanced computing, storage, networking, and more. Together, we deliver a fully managed service designed to protect and monitor your essential AWS resources.
