Red Hat survey finds cloud security incidents rife
Red Hat has published research showing that 97% of organisations reported at least one cloud-native security incident in the past year, suggesting breaches are now a near-universal experience for companies running cloud-native systems.
The most common incidents were misconfigured infrastructure or services, known vulnerabilities and unauthorised access. These were often linked to routine operational mistakes rather than isolated sophisticated attacks.
Security issues are also affecting business operations beyond IT teams. The research found that 74% of organisations delayed or slowed application deployments over the past 12 months because of security concerns, while 92% reported wider effects such as more time spent on remediation, lower developer productivity and loss of customer trust.
Maturity Gap
A central finding was a gap between confidence and formal preparation. While 56% of organisations described their day-to-day security posture as highly proactive, only 39% said they had a mature, well-defined cloud-native security strategy.
About 22% of respondents had no defined strategy at all. That lack of structure was reflected in uneven adoption of basic controls, with identity and access management more widely used than practices such as container image signing and runtime protection.
The research suggests organisations with more developed strategies are better placed to adopt stronger guardrails. Those with a well-defined approach were more likely to use advanced protections and reported 61% confidence in securing their software supply chain.
Investment Shift
Budget priorities are changing as companies respond to these weaknesses. Organisations are shifting spending away from separate point products and towards integrating security more directly into software development and operations.
More than 60% of respondents said they planned to invest in DevSecOps automation over the next one to two years. A further 56% identified software supply chain security as a priority, and 54% said they intended to expand runtime protection to detect and block threats such as cryptojacking or rogue container behaviour.
Regulation is also influencing spending plans. The research found that 64% of organisations expect the EU Cyber Resilience Act to be a main driver of investment decisions, indicating that compliance is becoming a board-level issue rather than a technical afterthought.
AI Risks
Artificial intelligence has emerged as another major concern in cloud security planning. The research found that 58% of organisations now see AI adoption as a core factor shaping their security approach, but governance has not kept pace with implementation.
Almost all respondents, 96%, said they had significant concerns about generative AI in cloud environments. The main worries were exposure of sensitive data, unauthorised use of shadow AI tools and the addition of insecure third-party AI services to existing systems.
At the same time, 59% of organisations lacked documented internal AI usage policies or governance frameworks. That gap increases the risk that AI tools could alter configurations, expose proprietary code or deepen existing identity and supply chain vulnerabilities.
Operational Controls
The survey also indicates that many organisations still rely on inconsistent or incomplete security controls. Identity and access management had an adoption rate of roughly 75%, but only around half had implemented container image signing, a measure used to verify software integrity.
Runtime protection also remained patchy. In practice, that leaves many teams relying on default settings rather than deliberate governance over how workloads behave after deployment.
That matters because weak controls can allow risk to spread quickly in cloud-native environments. Misconfigurations, insecure dependencies and unauthorised access can move through modern application environments faster when development and deployment cycles are frequent.
Business Impact
The findings underline how closely security is now tied to delivery speed and operational resilience. Delays to application deployment can affect product rollouts, internal development schedules and companies' ability to respond to market changes.
Loss of customer trust was cited by 32% of respondents as a significant effect of incidents, while 52% said remediation work consumed more time and 43% pointed to lower developer productivity. Those figures suggest the cost of security lapses is now measured as much in disruption and distraction as in technical damage.
Overall, the data presents a picture of companies trying to keep pace with increasingly complex cloud environments while struggling to formalise the policies and controls needed to reduce everyday risk.