Closing the Cloud Complexity Gap: The Impact of Fortinet’s 2026 Cloud Security Report on New Zealand businesses
Cloud adoption across New Zealand continues to accelerate, driven by digital transformation, hybrid work, and growing reliance on SaaS and AI-enabled services. However, Fortinet’s 2026 Cloud Security Report makes one thing clear: while cloud environments are expanding rapidly, security maturity is struggling to keep pace. Based on insights from over 1,100 global cybersecurity leaders, the report highlights a widening cloud complexity gap. This gap reflects a structural mismatch between the speed and scale of modern cloud environments and organisations’ ability to maintain consistent visibility, detection, and response. For New Zealand organisations operating across hybrid and multi-cloud environments, this challenge is not theoretical. It is already affecting risk posture, operational resilience, and regulatory exposure.
Cloud complexity is now the norm, not the exception
According to the report, 88% of organisations now operate across hybrid or multi-cloud environments, with most relying on two or more cloud providers to support critical workloads. This mirrors what Nextro sees across New Zealand enterprises, government agencies, critical infrastructure operators, and regulated industries. Cloud estates typically evolve over time rather than through a single design decision. Legacy on-prem environments coexist with public cloud platforms, SaaS applications, remote users, and distributed devices. While this delivers agility and scale, it also expands the attack surface across identities, configurations, data paths, and services.
For network and cybersecurity teams, the challenge is no longer whether the cloud can be secured, but whether it can be secured consistently across environments that were never designed to operate as a single system.
Tool sprawl is undermining visibility and confidence
One of the strongest signals in the Fortinet report is the operational impact of fragmentation. 69% of organisations cite tool sprawl and visibility gaps as their top barrier to effective cloud security. Rather than improving outcomes, disconnected tools often increase complexity. Cybersecurity teams are forced to pivot between consoles, manually correlate alerts, and investigate incidents after the fact. As a result, 66% of organisations lack strong confidence in their ability to detect and respond to cloud threats in real time. In the New Zealand context, where cybersecurity teams are often lean and multi-skilled, this fragmentation creates real operational risk. Time spent managing tools is time not spent reducing exposure or strengthening resilience.
Budget growth is not translating into maturity
Fortinet’s data shows that cloud risk consistently concentrates in three areas:
- Data exposure and privacy risks (66%)
- Identity and access security (77%)
- Misconfigured cloud services (70%)
These risks rarely exist in isolation. A misconfiguration may seem low risk on its own, but when combined with over-privileged identities and sensitive data, it becomes a direct path to breach. This exposure chain is particularly relevant for organisations managing critical services, customer data, or regulated workloads in New Zealand. When cybersecurity controls operate in silos, attack paths often become visible only after an incident has occurred.
Identity, configuration, and data are the primary risk areas
Two-thirds of survey participants expect new OT compliance requirements within the next five years, and many believe these changes will arrive much sooner. While New Zealand has not yet introduced stringent OT regulations, the global move towards frameworks such as IEC 62443 suggests it is only a matter of time. Local organisations that align early with international standards will be better prepared for regulatory pressure and more resilient in the face of scrutiny.
Automation is stalling at alerting
While many organisations have introduced automation, Fortinet’s report shows that most automation remains alert-driven rather than outcome-driven. Only 11% report fully autonomous remediation capabilities, while more than a third rely on automation that stops at notifications. With attackers operating at machine speed, alert-only automation simply shifts the burden onto already stretched teams. This is compounded by the ongoing cybersecurity skills shortage, which 74% of organisations say directly impacts their cloud security effectiveness. For New Zealand organisations, this reinforces the need for automation that is grounded in trusted, unified visibility, rather than isolated tools generating more noise.
A clear shift towards unified security architectures
When asked how they would design their cybersecurity if starting again, 64% of organisations said they would choose a unified platform that integrates network, cloud, and application security. This does not signal a desire for monolithic solutions. Instead, it reflects demand for interoperable platforms that share telemetry, policy, and context across environments. Unified visibility enables faster detection, more confident automation, and reduced operational friction. This architectural shift aligns closely with Nextro’s approach to helping organisations design cybersecurity environments that scale with the business rather than slow it down.
What this means for New Zealand organisations
Fortinet’s 2026 Cloud Security Report reinforces several priorities for New Zealand businesses:
- Treat visibility as a foundation, not an outcome.
- Reduce fragmentation by consolidating around shared context and telemetry.
- Address identity, configuration, and data risks together, not in isolation.
- Automate for outcomes, not alerts.
- Extend cloud security integration across networks, endpoints, and SaaS environments.
Closing the cloud complexity gap is not about deploying more tools. It is about designing security architectures that can operate at the speed of modern cloud environments.
As cloud adoption continues to accelerate across New Zealand, organisations that prioritise integration, visibility, and operational efficiency will be best positioned to reduce risk without compromising agility. The Fortinet 2026 Cloud Security Report provides a clear, data-backed roadmap for security leaders looking to move from fragmented defences to unified, outcome-driven cloud security programs.
Contact Nextro today to align your cloud security strategy with real-world operational demands.