Despite growing self-confidence, cloud security remains a sensitive issue for security teams: overly broad access rights, misconfigurations, and a structural lack of strategy mean that organizations rush from incident to incident. This is evident from the State of Cloud-Native Security Report 2026 by Red Hat, which examined the cloud security practices of organizations worldwide.
For security teams, 2025 has not been a quiet year. 97% of the surveyed organizations reported at least one cloud security incident in the past 12 months. These are rarely sophisticated, one-off attacks, but usually the result of everyday mistakes. The most common causes are misconfigurations of infrastructure or services (78%), followed by deploying workloads with known vulnerabilities (74%) and non-compliance with regulations (67%).
Loss of productivity
The impact of incidents goes beyond the IT department. 74% of organizations have delayed or slowed application implementations in the past 12 months due to security issues. Additionally, 92% reported significant consequences, including more time spent on recovery work (52%), less productive developers (43%), and loss of customer trust (32%).
Self-perception vs. reality
A striking insight is the gap between self-perception and reality. Half (56%) describe the current cloud approach as strongly proactive, but only 39% have a well-defined cloud strategy for it. About 22% operate without any strategy, with predictable consequences in terms of security. Organizations with a mature strategy report 61% confidence in the security of their software supply chain – significantly higher than the rest.
For 2026, a majority wants to close this gap. More than 60% plan investments in automated security within CI/CD pipelines, 56% focus on the software supply chain, and 64% expect the EU Cyber Resilience Act to drive investment decisions. AI adds another layer: 96% are concerned about generative AI in cloud environments, but 59% have not yet developed an internal AI policy.
The report concludes with a clear message: the pace of cloud-native innovation has outpaced the traditional security approach. Organizations that want to make a difference must structurally integrate security into their platform, rather than layering it on afterward. This requires, among other things, a well-developed strategy, automation of security controls, and a governance framework for AI that does not wait for external regulations.
About Red Hat
Red Hat is a global leader in open hybrid cloud technology and provides a reliable, consistent, and comprehensive foundation for groundbreaking IT innovation and AI applications. The portfolio includes cloud, developer, AI, Linux, automation, and application platform technologies, enabling any application to run anywhere – from the data center to the edge.
As the largest provider of enterprise open source software, Red Hat actively invests in open ecosystems and communities to address tomorrow's IT challenges. In close collaboration with partners and customers, Red Hat helps organizations build, connect, automate, secure, and manage their IT environments. Customers are supported through expert advice, award-winning training and recognized certification programs.
