Organisations prioritise SaaS security, increase budgets amid cuts
Overall, 70% of organisations have prioritised investment in SaaS (Software as a Service) security, establishing dedicated teams to oversee their cloud-based applications, as revealed by the latest SaaS Security Survey Report for 2025. Conducted by the Cloud Security Alliance (CSA) and commissioned by Adaptive Shield, the survey collected insights from 478 IT and security professionals representing diverse organisations globally.
Despite facing economic turbulence and staff reductions, businesses are not shying away from bolstering their SaaS security infrastructure. The survey findings underscore a substantial commitment, with 39% of respondents indicating an increase in their SaaS security budgets compared to the previous year, and 56% reporting an expansion of their security staff.
Hillary Baron, the lead author of the report and Senior Technical Director for Research at CSA, stated, "In a year marked by economic uncertainty and layoffs, these results highlight the recognition among organisations that even the most secure systems remain vulnerable to increasingly inventive threat actors."
The survey identifies that 57% of organisations have formed SaaS security teams comprising at least two dedicated full-time employees, while another 13% have allocated one full-time employee to SaaS security. This shift towards dedicated roles signifies the growing importance of maintaining robust security protocols within SaaS ecosystems.
An improvement in SaaS security capabilities was another notable observation. Around 70% of organisations now report having moderate to full visibility into their SaaS applications, nearly doubling the coverage since last year. This enhanced visibility enables organisations to preempt breaches and detect threats more effectively.
However, the challenge of managing SaaS security remains formidable for many. Misconfigurations, connected apps, and visibility into security risks are identified as the most challenging areas. Specifically, 73% of respondents noted difficulties in maintaining visibility into business-critical apps, while 65% struggled with tracking and monitoring threats from third-party connected apps, and another 65% faced challenges in locating and resolving misconfigurations.
Organisations utilising SaaS Security Posture Management (SSPM) tools have reported significantly better visibility into their SaaS environment. Approximately 62% of SSPM users could oversee over 75% of their SaaS stack, compared to just 31% for those employing other tools or manual processes.
Investment in SaaS security appears to be yielding positive outcomes. There was a marked reduction in SaaS security incidents this year, with only 25% of respondents experiencing an incident in the past two years compared to 53% previously. The most frequently reported issues were data breaches (52%), data leakage (50%), unauthorised access (44%), and malicious applications (38%).
Maor Bin, CEO and co-founder of Adaptive Shield, remarked on the findings, "Organisations now understand that investments in preventive methods are the right approach to tackling today's sophisticated threats. The major leap in SaaS maturity aligns with the rapidly growing demand we observe in the market."
The comprehensive survey conducted in January 2024, analysed by CSA's research analysts, provides a critical overview of the evolving landscape of SaaS security. It serves as a foundational reference for organisations aiming to enhance their security posture in an increasingly cloud-centric IT environment.
The findings point towards a trend where large enterprises are increasingly integrating comprehensive tools like SSPM to consolidate their security measures and protect themselves against multifaceted security threats. This growing emphasis on SaaS security investments reveals a broader shift towards prioritising cybersecurity amidst a rapidly evolving digital landscape.