SaaS Security Gaps Widen Amid Rising Breaches

Most Organizations Demand Stronger Oversight of AI-Driven Applications

AppOmni, a leading name in SaaS and AI security, has just published its third annual The State of SaaS Security 2025 Report, which sheds light on a troubling increase in security incidents related to SaaS, the growing complexity of application ecosystems, and the new risks that come with AI-enabled technologies. The insights come from a survey of over 800 senior security professionals from the United States, United Kingdom, Germany, Australia, and Japan, covering various sectors like finance, healthcare, manufacturing, and software. Interestingly, 75% of those surveyed work at companies with more than 2,000 employees.

The report points out that even though SaaS environments are among the most targeted parts of today’s IT infrastructure, they remain some of the least protected. It emphasizes the urgent need for businesses to shake off their misplaced confidence and implement robust, clearly defined SaaS security strategies to tackle the fast-evolving cyber threats.

Key issues highlighted include a growing gap between perceived security and actual vulnerabilities, operational flaws in current SaaS security practices, and whether existing security frameworks are adapting quickly enough to meet challenges like AI governance and increasing regulatory demands.

“This report marks a critical inflection point for the industry: The data shows a concerning ‘illusion of control,’ where the vast majority of security leaders feel confident in their SaaS security posture, even as a huge number of them are dealing with SaaS-related incidents,” said Brendan O’Connor, CEO of AppOmni. “Today's SaaS risks are not theoretical—they’re real, and they’re impacting businesses now. The key lesson for enterprises is that visibility alone is not security, and trust in SaaS vendors is not a strategy. We need a fundamental shift from ad hoc, reactive processes to a mature, disciplined approach built on continuous monitoring and clear ownership. Our report helps organizations with a path forward, so they can move from SaaS complexity to clarity and build true resilience.”

O’Connor highlighted the importance for organizations to move away from disjointed, reactive approaches and instead adopt structured, ongoing security programs that emphasize ownership and continuous monitoring.

Even though 96% of those surveyed acknowledge the growing significance of SaaS security, many organizations are still held back by outdated practices and a fundamental misunderstanding of shared security responsibilities. The report reveals several key findings:

• AI brings new governance challenges: 61% of respondents expect AI to take center stage in SaaS security discussions over the next year, especially regarding the oversight of non-human identities and the use of generative AI in applications.
• Security incidents are on the rise: 75% of organizations reported experiencing at least one SaaS-related breach in the past year, which is a 33% increase compared to 2024.
• A gap between confidence and reality: While 91% feel confident in their SaaS security measures, three-quarters still faced a breach, highlighting a concerning disconnect.
• Visibility without action is futile: 89% of organizations that experienced breaches believed they had sufficient visibility, pointing to the risks of relying solely on monitoring without taking active steps for enforcement or validation.
• Limited use of specialized tools: Only 13% of organizations currently utilize a dedicated SaaS Security Posture Management (SSPM) solution, even though nearly a third recognize the need for one.
• Basic hygiene remains a significant vulnerability: 41% of incidents were due to improper permissions, and 29% were caused by configuration errors.

These insights drive home a crucial point: SaaS security doesn’t have to be overly complex, but it definitely needs to adapt as threats grow. With the right tools and clear responsibilities, organizations can shift from a reactive mindset to a more sustainable, proactive security approach.

The State of SaaS Security 2025 report acts as both a snapshot of the current security environment and a roadmap for future readiness. It lays out a practical framework for implementing SaaS security and provides recommendations to help businesses build lasting resilience.

Be sure to download the full report today and sign up for the upcoming webinar on August 20th. You’ll get to dive into key highlights, hear real-world insights from customers, and discover actionable steps to enhance your SaaS security strategy.