Cloud Security Alerts Surge
March 25, 2022
An Orca Security 2022 Cloud Security Alert Fatigue Report surveyed over 800 IT
professionals across five countries and ten industries found that more than half
(55%) of respondents use three or more cloud providers and 57% have five or more
cloud security tools. This combination of multi-cloud adoption and disparate
tooling is overwhelming security teams with a flood of inaccurate alerts. For
example, 59% of respondents receive more than 500 public cloud security alerts
per day, and 38% receive more than 1,000 per day.
More than half of respondents spend more than 20% of their time deciding which
alerts should be dealt with first. The overload of alerts, combined with
widespread inaccuracy (43% say more than 40% of their alerts are false
positives) is not only contributing to turnover but also to missed critical
alerts. More than half of respondents (55%) say their team missed critical
alerts in the past, due to ineffective alert prioritization – often on a weekly
and even daily basis.
“Multiple, disconnected tools continue to plague security teams. Having to sift
through hundreds of ‘high priority’ often meaningless alerts is causing security
practitioners to become overwhelmed and leading to burnout and turnover,
exacerbating cybersecurity staff shortages,” said Avi Shua, CEO and co-founder,
Orca Security. “The only way to win the battle of cloud security is to leverage
context to the maximum. Practitioners should be enabled to focus on the very few
toxic combinations of alerts and attack paths that can put their crown jewels in
jeopardy, rather than trying to review thousands of meaningless alerts.”
number of cloud security alerts and
false positives keeps rising.
respondents, 59% say they receive
more than 500 cloud security alerts
per day. Almost 40% receive more
than 1,000 alerts per day.
daily basis, 79% have more than 500
cloud security alerts open.
respondents say that more than 20%
of alerts are false positives, while
43% say more than 40% of their
alerts are false positives.
teams waste time, become desensitized by
false-positive alerts, and experience
organizational friction and burnout.
than half of security teams spend
more than 20% of their time deciding
which alerts to handle first, while
a quarter of teams spend more than
40% of their time prioritizing
55% of respondents who say that
critical alerts are being missed,
41% said alerts are being missed on
a weekly basis. Twenty-two percent
said on a daily basis.
fatigue causes burnout, turnover,
and internal friction: 62% of
respondents say that alert fatigue
has contributed to turnover, and 60%
said that alert fatigue has created
security tools, the higher rate of false
positives and alert fatigue.
According to the report, more than
57% of respondents have five or more
public cloud security tools.
with 10 or more cloud security tools
are 67% more likely to receive more
than 1,000 alerts per day than those
with 5 or fewer tools.
than 50% of security professionals
with at least 10 tools in their
cloud environments receive 40% or
more false-positive alerts.
70% of security teams with more than
10 tools suffer from alert fatigue
compared to 57% of teams with less
than 5 tools.