SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Rising SaaS breaches reveal overconfidence & lax defences

Yesterday

A new report from security company AppOmni shows a growing number of organisations experiencing SaaS data breaches or security incidents in the past year, with 75% reporting such incidents - a 33% increase compared to 2024.

The findings are based on insights from more than 800 global security leaders across the United States, United Kingdom, Germany, Australia, and Japan, with three-quarters representing large enterprises employing over 2,000 staff.

Rising incident rates

The 2025 State of SaaS Security Report highlights a continued increase in SaaS-related security incidents, along with a growing complexity of application ecosystems and new risks stemming from artificial intelligence-enabled applications. The report identifies SaaS as one of the most commonly targeted areas within enterprise IT infrastructure, but also as one of the least defended.

Despite the rise in incidents, confidence among organisations remains high. AppOmni found that 91% of surveyed organisations expressed confidence in their current SaaS security posture, even as three-quarters had experienced a recent SaaS breach or incident.

"This report marks a critical inflection point for the industry: The data shows a concerning 'illusion of control,' where the vast majority of security leaders feel confident in their SaaS security posture, even as a huge number of them are dealing with SaaS-related incidents," said Brendan O'Connor, CEO of AppOmni. "Today's SaaS risks are not theoretical - they're real, and they're impacting businesses now. The key lesson for enterprises is that visibility alone is not security, and trust in SaaS vendors is not a strategy. We need a fundamental shift from ad hoc, reactive processes to a mature, disciplined approach built on continuous monitoring and clear ownership. Our report helps organizations with a path forward, so they can move from SaaS complexity to clarity and build true resilience."

Confidence does not equal protection

The report reveals that 89% of organisations compromised in the past year believed they had "appropriate visibility" into their SaaS environment at the time. However, the figures suggest that visibility without enforcement or continuous validation is inadequate.

Another area of concern is the responsibility for SaaS security. Only 16% of organisations assign SaaS security duties to dedicated security teams, while 43% leave it to individual business units. Furthermore, 53% of confident respondents base their security posture on trust in SaaS vendors, rather than conducting their own internal validation.

Basic security hygiene also remains a critical weakness. According to the report, 41% of incidents were due to permission issues, while 29% resulted from misconfigurations. These findings suggest that many security incidents are preventable through improved controls and processes.

AI and governance challenges

The report also notes that 61% of respondents expect artificial intelligence to dominate SaaS security discussions in the coming year. There is a demand for better oversight of non-human identities and generative AI tool access within SaaS applications, but only 7% of organisations are concerned about the unintended input of data to AI or large language model-based applications.

Tooling gaps persist within organisations. Only 13% of respondents currently utilise a dedicated SaaS Security Posture Management solution, although nearly a third indicate a need for such tooling.

Security as a growing priority

The research highlights that 96% of respondents agree SaaS security is becoming more important, but many organisations are hampered by legacy habits and a lack of awareness. Challenges cited include scattered, default ownership of SaaS apps and policies that are not strictly enforced. Only 22% of organisations have a policy regarding approved applications but do not enforce it strictly, a slight improvement over the previous year.

The importance of SaaS security is increasingly recognised at the executive level, with 72% of those surveyed now viewing SaaS security as one of their top three cybersecurity priorities, up from 67% the year before. The report urges organisations to move beyond reactive security and adopt more structured, proactive programmes based on clear ownership and continuous monitoring.
