A survey of 1,150 cybersecurity leaders published today finds that most cybersecurity teams are now overwhelmed by alerts they lack the ability to investigate.
Conducted by Vitreous World on behalf of Illumio, a provider of a network security platform, the survey finds 67% of security teams receive an average of over 2,000 alerts per day, which is the equivalent of one alert every 42 seconds.
Cybersecurity teams, at the same time, are on average spending 14.1 hours per week chasing down false positive alerts due to a lack of useful visibility, tool sprawl, and outdated detection technologies, with nearly three-quarters (73%) acknowledging that time spent on tracking down the source of those alerts adversely impacts their ability to focus on real threats. False positives remain an issue for well over half of respondents (58%), the survey finds.
A full 92% of respondents also admit their organization has experienced security incidents that can be traced back to missed or uninvestigated alerts. While most say such incidents occur rarely (44%) or sometimes (30%), simply detecting an issue that stems from a missed alert takes, on average, 12.1 hours, the survey finds.
Overall, a total of 93% of survey respondents reported challenges in responding to security incidents over the past 12 months, mainly attributed to tool/technology-related issues (42%) and human-based workflows (39%).
Raghu Nandakumara, vice president of industry strategy at Illumio, said it’s clear that a general lack of context continues to hamper threat visibility in a way that ultimately increases fatigue levels for cybersecurity teams that are already short-staffed. Without that context, it becomes too difficult to identify the specific chain of events that led to a breach occurring, he added.
For example, while 83% of respondents are confident their teams can detect lateral movement and breaches, the survey also finds nearly 40% of network traffic lacks the sufficient context needed to confidently investigate alerts, even though most monitor hybrid communications (80%) and east-west traffic (77%).
A total of 83% of respondents also noted they have deployed multiple cloud detection and response (CDR) tools and are confident these tools detect anomalous traffic (84%). Nevertheless, 92% of those who have adopted these tools report challenges involving a lack of context and alert fatigue. Not surprisingly, a full 91% of respondents also noted they expect an increase in cloud security budgets over the next year.
Many cybersecurity leaders are clearly now hoping that investments in artificial intelligence (AI) and machine learning will reduce the current level of fatigue their teams are experiencing. In fact, the top 2026 security investment priorities are increasing AI/ML-driven capabilities (34%), improving cloud detection and response (34%), reducing mean time to detect/respond (33%) and automating threat triage and investigation (31%), the survey finds. Specifically, a full 80% believe AI/ML technologies will play a critical role in identifying lateral movement of malware faster to help reduce alert fatigue.
The challenge, of course, is making sure those investments will be able to thwart emerging threats versus just the ones that are already well known.