High Alert Volume and Downtime Challenge Security Teams

Illumio has released The 2025 Global Cloud Detection and Response Report, based on a global survey of 1,150 cybersecurity leaders, including 150 from Australia. The findings show that while Australia leads the world in detecting incidents involving lateral movement, organisations face disproportionate operational strain from alert fatigue, false positives, and downtime.

In the past year, 97% of Australian organisations detected a security incident involving lateral movement, the highest rate globally (global average: 90%). At the same time, 83% of Australian security teams report receiving more alerts than they can investigate, also the highest rate worldwide (global average: 67%). Each lateral movement incident resulted in an average of 8.0 hours of downtime, compared to the global average of 7.1 hours.

Key findings in Australia:
  • Cloud detection and response tools adopted, but most fall short: 97% of Australian organisations report limitations with their current tools, with insufficient context (45%) and alert fatigue (39%) as top challenges.
  • Visibility is failing where it matters most: 40% of network traffic in Australia lacks sufficient context for confident investigation, above the global average of 38%. This blind spot makes it more difficult for teams to distinguish between normal and malicious activity.
  • Alert fatigue is overwhelming: Australian teams receive an average of 2,061 alerts per day – the equivalent of one alert every 42 seconds. 83% say their teams receive more alerts than they can investigate, the highest globally.
  • False positives hinder operations: Security teams in Australia spend an average of 15.9 hours per week investigating false positives (global average: 14.1). 85% of Australian leaders say this impacts their ability to focus on real threats (global: 73%).
  • Missed alerts have real consequences: 98% of Australian organisations reported real impacts from missed or uninvestigated alerts, with 26% citing reputational damage (global: 17%).

Looking ahead: the role of AI and automation

As Australian cybersecurity leaders prepare for 2026, priorities are shifting toward AI-driven observability and automation. 26% cite increasing AI/ML-driven capabilities as a top security priority, slightly below the global average of 34%. Globally, nearly 80% of respondents believe AI/ML will be critical for identifying lateral movement faster and reducing alert fatigue.

“In Australia, alarmingly high rates of incidents involving lateral movement, combined with some of the highest levels of alert fatigue globally, are a serious warning signal,” said Andrew Kay, Director of Systems Engineering APJ, Illumio. “To keep pace, organisations will need to invest in AI-driven observability and automation to cut through the noise, contain breaches faster, and reduce operational strain.”

To learn more, including region-specific findings, download the full report here.

Research Methodology

Vitreous World conducted research on behalf of Illumio between August 1 and August 13, 2025. The study surveyed 1,150 IT and cybersecurity decision-makers and key influencers across the US, UK, Germany, France, Australia, Brazil, and Japan.
