SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

A third of companies hit by data breach amid rising concerns

Thu, 29th Aug 2024

A new report by AppOmni has revealed that one third of companies reported a data breach this year, marking a rise of five percentage points compared to the previous year. The report surveyed 644 cybersecurity decision makers from organisations across six countries, including the United States, the United Kingdom, France, Germany, Japan, and Australia, almost half of which employ over 2,500 individuals.

Generative AI presents significant concerns, with 38% of respondents worried about data and intellectual property risks associated with it. Additionally, 40% of those surveyed believe that leveraging AI to enhance cybersecurity will be a principal topic of discussion in the coming months. Despite the increased focus on security, confidence in the safety of data stored in Software-as-a-Service (SaaS) applications has declined from 42% to 32% within a year.

Though the majority of organisations (90%) have policies restricting the use of unsanctioned applications, 34% admit these policies are not enforced, reflecting a 12 percentage point increase from 2023. Furthermore, only 27% are confident in the security of their sanctioned apps.

Responsibility for securing SaaS is seen differently across organisations. Half of the respondents believe it lies with the business owner or stakeholder, while only 15% consider it the responsibility of the cybersecurity team. Alarmingly, 34% of respondents are unaware of the number of SaaS apps deployed within their organisation.

AppOmni's data shows a disconnect between perception and reality in SaaS security. Nearly half (49%) of those frequently using Microsoft 365 believe they have fewer than 10 applications connected to the platform. However, AppOmni data indicates that, on average, there are over 1,000 SaaS-to-SaaS connections per Microsoft 365 deployment.

Despite these security challenges, 72% of respondents rate their organisation's SaaS security maturity at a mid-high to highest level, unchanged from last year. Risk concerns primarily revolve around the loss of intellectual property or proprietary data (34%), reputational damage (30%), and the compromise of customer data (27%). Looking forward, 69% anticipate increased cybersecurity spending in the next 12 months, with 29% expecting returns on investments to be a key discussion point, focusing on risk reduction.

Brendan O'Connor, Chief Executive Officer of AppOmni, stated, "SaaS has come a long way from its early days of use in isolated departments, and now underpins modern businesses across every function. But attackers continue to wreak havoc by stealing data, holding companies ransom, disrupting business operations, and damaging organisations' reputations. Our survey findings, conversations, SaaS war stories over the last year, and the current regulatory environment make it clear that SaaS security must mature. As attacker TTPs and preventable security issues are becoming more widely-known, there are signs that CISOs and their teams are prioritising SaaS risks among their cloud security initiatives—even as budget pressures intensify. The days of waiting on SaaS vendors as the primary security providers for your SaaS estate are over. As the operating system of business, your SaaS estate requires a well-structured security programme, organizational alignment on responsibility and accountability, and continuous monitoring at scale."

The report underscores the challenges arising from decentralised operations. Departments independently deploy SaaS apps to meet specific needs, which often results in a blurring of security responsibilities. Business goals frequently overshadow necessary security changes, and line-of-business heads may lack the expertise to enforce adequate security controls.

SaaS applications are widely adopted without full awareness of the associated risks. Organisations witness a surge in third-party integrations providing extended functionalities and unified data access, but often lack visibility into the comprehensive SaaS-to-SaaS connection footprint.

The gap between policy and enforcement is considerable. While 90% have policies to ensure the use of sanctioned apps, the enforcement lag represents a significant security gap.

The AppOmni report provides wide-ranging insights and recommendations based on its findings, addressing issues such as eroding vigilance after deployment, searching for ROI amid competing priorities, and the ongoing challenge of decentralisation. The survey sample includes enterprises from a variety of countries with a substantial portion representing large organisations with over 2,500 employees.
