Majority of firms bolster SaaS security despite economic woes
A recent survey conducted by the Cloud Security Alliance (CSA) has revealed that 70% of organisations have established dedicated teams for Software as a Service (SaaS) security, notwithstanding the prevailing economic uncertainties and workforce reductions. This finding is part of the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities, released by CSA, a globally recognised entity focused on setting standards, certifications, and best practices for a secure cloud computing environment.
The survey, commissioned by SaaS security leader Adaptive Shield, highlights that 39% of organisations have increased their budgets for SaaS cybersecurity compared to the previous year. This trend underscores the growing awareness among organisations about the inevitability of threats, necessitating robust security measures. Hillary Baron, the lead author of the report and Senior Technical Director for Research at CSA, noted, "These results speak volumes to organisations' realisation that even the most secure systems are vulnerable to increasingly inventive threat actors."
Beyond the broad prioritisation of SaaS security, the survey identified the emergence of SaaS-specific security roles. Notably, 57% of responding organisations have teams with at least two full-time employees dedicated to SaaS security, while another 13% have one full-time employee in the role. This allocation of resources is indicative of a larger emphasis on specialised security measures to counteract potential vulnerabilities in SaaS applications.
Advancements have also been made in enhancing visibility into the SaaS stack. The survey revealed that 70% of organisations now report moderate to full visibility into their SaaS applications, nearly double the visibility reported in the previous year. This improved transparency is crucial for preventing breaches and detecting threats in real time.
However, the survey also highlights ongoing challenges in managing SaaS security. Organisations reported difficulties in achieving visibility into business-critical applications, tracking and monitoring security risks from third-party connected apps, and addressing SaaS misconfigurations. These challenges, identified as critical concerns by 73%, 65%, and 65% of respondents respectively, often stem from using suboptimal tools such as Cloud Access Security Brokers (CASB) and manual audits. Conversely, organisations that have adopted SaaS Security Posture Management (SSPM) tools report significantly better visibility, with 62% of these organisations overseeing more than 75% of their SaaS environment, compared to 31% of those using other tools.
Despite these challenges, the investment in SaaS security appears to be yielding positive results. The survey noted a decline in the incidence of security breaches, with 25% of respondents experiencing a SaaS security incident in the past two years, compared to 53% in the previous year. The most frequently reported incidents were data breaches (52%) and data leakage (50%), followed by unauthorised access (44%) and malicious applications (38%).
Maor Bin, CEO and co-founder of Adaptive Shield, emphasised the importance of preventative measures in SaaS security. He stated, "Large enterprises now understand that investments in preventative methods are the right approach. Organisations have accumulated a wide range of tools that cover single use cases, leaving them exposed from new attack surfaces, and forcing them to manage many different solutions."
The survey was conducted online by CSA in January 2024, with 478 responses from IT and security professionals representing large organisations across various industries and locations. The findings reflect the growing sophistication and maturity of SaaS security practices, as well as the critical importance of continuous investment in this area to mitigate evolving threats.