
Research: CISOs Confident in SaaS Posture Despite Incidents

Respondents agree that SaaS security is becoming more important, but legacy habits and a lack of awareness are holding them back.

The majority of organisations are confident in their SaaS security posture, although two-thirds demand better oversight of generative AI tool access within SaaS apps.

Research by AppOmni of 800 global security leaders found 89 percent of compromised organisations believed they had “appropriate visibility” into their SaaS environment. This is despite three-quarters experiencing a SaaS incident, revealing a serious disconnect.

Whilst 96 percent of respondents agree that SaaS security is becoming more important, legacy habits and a lack of awareness are holding them back. Root causes of this security gap range from scattered, default ownership models to a critical misunderstanding of the shared responsibility model.

Brendan O’Connor, CEO of AppOmni, said the data shows a concerning ‘illusion of control,’ where the vast majority of security leaders feel confident in their SaaS security posture, even as a huge number of them are dealing with SaaS-related incidents.

“Today's SaaS risks are not theoretical—they’re real, and they’re impacting businesses now,” he said. “The key lesson for enterprises is that visibility alone is not security, and trust in SaaS vendors is not a strategy. We need a fundamental shift from ad hoc, reactive processes to a mature, disciplined approach built on continuous monitoring and clear ownership.”


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
