The cloud now moves more than $700 billion worldwide and has become the nervous system of thousands of companies. But, according to the new Cloud Readiness Report 2025 by Kyndryl, most organizations have arrived here almost by accident: 7 out of 10 CEOs admit that their current cloud environment is not the result of deliberate design, but rather a series of ad hoc decisions accumulated over time.
Despite this lack of planning, spending is not slowing down. Organizations have increased their cloud investments by more than 30% on average in the past year, just as challenges related to AI adoption, new regulatory requirements, and increasingly aggressive cybersecurity threats multiply. The report, based on responses from 3,700 executives across 21 countries, highlights a pivotal moment: cloud is shifting from a place to “hang” workloads to a living architecture that shapes control, trust, and innovation capacity.
From “Accidental” Cloud to Strategic Cloud Design
The key takeaway from the report is clear: the difference between using the cloud reactively or as a strategic capability will determine who leads the next wave of AI.
Kyndryl identifies three core ideas:
- Success in the cloud is greater when it’s not accidental. Aligning infrastructure, data, and governance yields more innovation and agility than simply migrating servers without a roadmap.
- AI, especially agentic AI, depends on deliberate design. If systems and data are not well connected, responsible scaling of intelligence is impossible.
- Security and sovereignty are no longer obstacles but principles of design. Architecture must start from trust and interoperability, not add them at the end.
The revealing statistic is that 70% of CEOs admit their current cloud state was reached “by accident, not by design.” This results in messy hybrid environments, legacy contracts with hyperscalers, and a tangle of tools that complicate life for IT and business teams.
Sovereignty and Geopolitics: The New “Third Factor” in Cloud
The report clearly highlights concerns about the geopolitical context and data regulations:
- 75% of leaders express worry about geopolitical risks associated with storing and managing data in global clouds.
- 65% have already adjusted their strategies due to new data sovereignty regulations.
- 41% are repatriating some of their data from public cloud to on-premise environments.
The core message is that the debate is no longer “cloud or no cloud,” but where and under what rules each workload runs and each data point is stored. Architecture is king: it’s not about choosing between on-premise or cloud, but about how to connect both worlds.
Multicloud and Hybrid: From Trend to Standard
The report confirms that hybrid cloud and multicloud have shifted from being trends to becoming the de facto standard:
- 84% of responsible parties state they intentionally use multiple clouds, not just out of inertia.
- Only 17% describe their approach as “cloud-first” in a pure form; most focus on interoperability between private and public platforms.
This reality stems from multiple factors: avoiding vendor lock-in, regulatory demands, resilience needs, and now, AI requirements.
AI and Cloud: inseparable allies, but poorly coordinated
A key area where this shift is evident is in artificial intelligence:
- 89% of leaders confirm that their cloud investments have facilitated AI use.
- However, 35% cite integration issues as the main barrier to realizing the full potential of their AI projects.
Cloud has become the default infrastructure for training and deploying models, but it’s not just about “uploading data and launching a model.” Kyndryl emphasizes two trends:
- Private models on private clouds. For organizations with strict regulatory or risk constraints, internal LLMs are emerging that run on private clouds or specialized “neoclouds” with GPU capabilities, combined with techniques like RAG (retrieval-augmented generation) to enrich responses with corporate data without retraining massive models.
- Neoclouds and on-demand GPU resources. Companies and labs turn to providers focused on GPU that allow short-term rental of computing power without long-term contracts or massive hardware investments.
The report’s clear advice is: train where scale exists (public cloud) and execute near data (private cloud/on-premise). Agentic AI — capable of making decisions and executing workflows autonomously — demands hybrid architectures that maintain governance, speed, and cost control.
Redefining Security in the Era of AI
Cloud security remains a top priority, but the rise of AI is transforming the landscape:
- 82% of organizations experienced at least one cybersecurity incident disrupting services in the past year.
- 91% report that their cloud infrastructure provides sufficient flexibility to adapt quickly to new regulations.
- 75% are investing in AI for cybersecurity, more than in any other AI-enabled capability.
The paradox is that cloud and AI both increase attack surfaces, yet also offer tools to be more resilient. Distributed architectures help isolate threats, automate responses, and restore systems faster—provided there is a well-defined governance and data strategy.
Kyndryl highlights three recurring concerns among cloud users:
- Scale as a double-edged sword. Hyperscalers are attractive targets for attackers due to the potential impact of breaches.
- AI does not respect borders. Models can inadvertently ingest sensitive data (manual uploads, public tool usage, misconfigured APIs), so governance must come first.
- Legislation varies by country, but cloud does not. Risks like government access, service shutdowns for political reasons, or sudden regulatory changes are no longer hypothetical scenarios.
Building a Well-Designed Hybrid Cloud: The Company’s “Smart Basis”
The report concludes that the hybrid era is not a transition phase, but the natural state of the modern enterprise. Leaders no longer ask if they should move workloads between public and private clouds, but how to make all platforms work as a unified whole.
Within this vision, a mature cloud strategy:
- Aligns business and IT, treating cloud as a strategic capability rather than just a hosting platform.
- Designs architecture with interoperability, sovereignty, and trust from the start.
- Integrates FinOps, data governance, security, and AI operations into a cohesive framework.
- Leverages cloud to build AI systems that learn at scale while operating close to sensitive data, with humans in the loop for context and judgment.
A phrase that encapsulates the report might be: “The future of AI will be defined not only by algorithms but also by the environments hosting them. AI relies on data, but thrives on good design.”.
Frequently Asked Questions
What does it mean that 70% of CEOs arrived at the cloud “by accident”?
Many companies have adopted cloud services reactively—via isolated projects, acquisitions, or urgent needs—without a comprehensive architecture designed for AI, security, and sovereignty. The challenge now is to move from this piecemeal approach to a coherent, strategic design.
Why is hybrid cloud considered the foundation for an AI-ready enterprise?
Because it enables training models and using advanced services in public clouds where scale and GPUs are available, while deploying inference and governing data on private or on-premise clouds. This balances performance, compliance, and cost control.
What role does data sovereignty play in current cloud strategies?
New regulations and geopolitical risks lead many organizations to repatriate some data and design architectures where not everything depends on a single global provider. Sovereignty shifts from a barrier to a design principle.
How are companies using AI to enhance cybersecurity in the cloud?
According to the report, three out of four organizations are investing in AI-driven cybersecurity: advanced anomaly detection, event correlation, automation of responses, and vulnerability prioritization. The goal is to reduce detection and response times in increasingly distributed environments.
Sources
- Kyndryl — Press Release Kyndryl releases the 2025 Cloud Readiness Report (12/11/2025).
- Kyndryl — 2025 Readiness Report: Unlocking Cloud Readiness.