- Greater cloud and AI adoption is driving the new security risks, yet many organisations has struggle with fragmented tools and unclear leadership roles.
- Firms must shift from the reactive security to risk-informed plans that include the unified visibility, prevention metrics and leadership alignment.
What happened: Many firms are deploying cloud and AI fast but without strong coordination in strategy
Tenable, a major cybersecurity company, published research on 10 September 2025 revealing firms are falling behind threats in an AI-driven business world. The study found 82 percent of organisations now work in hybrid environments (on-premises plus cloud) while 63 percent use more than one cloud provider. Over half have deployed AI for business, and 34 percent of those with AI workloads have already suffered breaches.
Despite that, many security strategies are reactive, incomplete and disconnected. A large share of those surveyed said their security tools are fragmented, only 20 percent use unified risk assessment, and 28 percent lack visibility across environments.
Tenable argues security leaders need to build risk-informed strategies, improved controls and visibility across hybrid and multi-cloud systems, plus leadership alignment.
Also read: Vodafone advances direct-to-device satellite connectivity trials
Also read: Globe and Lynk to launch direct-to-device satellite service
Why it’s important
As more businesses adopt cloud computing and AI, their attack surfaces grow. If they do not match these new environments with up-to-date security strategy, breaches become more likely. The report says leadership gap and tool fragmentation prevent sound risk awareness and decision making. Without visibility and shared metrics, firms must rely on reaction, not prevention.
This problem matters for investors, executives and regulatory bodies. Companies face pressure over transparency and governance. When AI workloads are breached, reputational, financial and legal consequences follow. Coordinated strategies help reduce those risks. Finally, proactive metric-led security—tracking prevention and resilience—can save money versus recovering from attacks. The report’s messages offer leaders a chance to rethink their plans before crises force change.
