Companies are now spending 35% of their IT security budget on protecting their cloud-stored information, with 63% of businesses planning to spend even more on this in the coming year.
This is according to Fortinet's 2025 State of Cloud Security Report, which looks at how businesses are storing and protecting their digital information.
The report is based on input from over 800 security experts across different industries and countries, including South Africa.
It reveals what’s driving hybrid and multi-cloud adoption, the evolving challenges organisations face, and actionable steps for securing these dynamic environments.
Cloud security challenges
While cloud adoption offers substantial benefits, it also brings significant security challenges, says Vincent Hwang, VP of cloud security at Fortinet.
Over 60% of participats in this latest Fortinet study acknowledge that security and compliance concerns are top barriers to cloud adoption.
Misconfigurations, regulatory non-compliance, and data breaches are among the most pressing issues identified, especially as hybrid and multi-cloud environments expand.
For example, healthcare providers who migrate patient records to the cloud must comply with HIPAA regulations while safeguarding sensitive information.
Compounding these challenges is the cyber security skills gap.
According to the report, 76% of organisations report a shortage of cloud security expertise and people resources, limiting their ability to deploy and manage comprehensive security solutions.
“This shortage not only underscores the need for targeted training and upskilling to bridge the gap but also to rethink cloud deployment strategies to reduce complexity and increase security effectiveness,” Hwang adds.
Cloud storage
The research also shows that 82% of organisations surveyed now store their information in the cloud and consider it to be a secure internet-based storage system.
Just over 50% of companies are using a mixed approach - keeping some information in their own offices while storing other data in the cloud.
Fortinet claims many organisations are channelling their resources to address critical security gaps, ensure compliance, and overcome technical complexities.
Hybrid and multi-cloud dominate
The report shows 82% of organisations use cloud environments for scalability, flexibility, and resilience, while hybrid cloud adoption has risen to 54%.
“This approach lets organisations optimise the deployment of their applications based on their needs, striking a balance between control and compliance. For instance, IT teams can use public clouds for customer-facing applications while keeping sensitive data safe in their private environments,” notes Hwang.
Fortinet advocates for a unified cloud security platform and advises organisations, especially those with cloud spending commitments, to reassess their cloud security investments. Hwang recommends flexible daily-usage licensing programs that provide a broad range of solutions, enabling quick scaling and payment based on actual usage.
The report highlights that AI-driven threat detection, edge computing, and zero-trust architectures will shape the next wave of cloud security.
Arthur Goldstuck, CEO, World Wide Worx, said cloud security must be a priority, specifically because of the increase in use of AI and the cloud.
“There are three tech trends that are as inevitable as death and tariffs, and those are the continued increase in use of AI, the continued rise in demand on cloud computing as a result of AI, and the continued rise in cyber security threats as a result of the rise in the use of both AI and the cloud. This means that cloud security should be a budgeting priority in 2025, and any attempt to cut corners on costs or quality of cyber security would be costly. Most large companies realise this, and will therefore increase their spend on cloud security, in tandem with increased spending in AI and cloud.”
Share