Tuesday, July 15, 2025
AppOmni report finds urgent gaps in SaaS security readiness
SaaS security is becoming a critical enterprise concern, but many organizations are not as prepared as they believe, according to the recently released State of SaaS Security 2025 Report from AppOmni. The SaaS and AI security company's third annual report revealed a sharp rise in SaaS-related security incidents and mounting risks stemming from AI-enabled applications, all while organizations cling to a false sense of confidence in their existing protections.
AppOmni, based in San Mateo, Calif., surveyed more than 800 global security leaders across industries such as finance, healthcare, manufacturing, and software. The majority—representing organizations with over 2,000 employees in the U.S., U.K., Germany, Australia, and Japan—agree that SaaS security is more important than ever. However, the report highlights a major disconnect: while 91% of respondents express confidence in their SaaS security posture, 75% experienced a SaaS-related security incident in the past year—a 33% increase over 2024.
"This report marks a critical inflection point for the industry," said Brendan O'Connor, CEO of AppOmni. "Today's SaaS risks are not theoretical—they're real, and they're impacting businesses now. We need a fundamental shift from ad hoc, reactive processes to a mature, disciplined approach built on continuous monitoring and clear ownership."
Illusion of control amid complexities
Key findings point to an "illusion of control" within SaaS environments, where visibility alone is mistaken for comprehensive security. Of those compromised, 89 percent believed they had sufficient visibility into their SaaS environments. But without enforcement, proper tooling, and ongoing validation, that visibility is often misleading.
The report also highlights that artificial intelligence is creating new governance complexities. Sixty-one percent of respondents expect AI to dominate SaaS security conversations in the year ahead, particularly in managing non-human identities (NHIs) and generative AI access within applications.
Basic issues like permission errors and misconfigurations remain leading causes of breaches—41 percent and 29 percent of incidents, respectively. Yet only 13 percent of organizations currently use a dedicated SaaS Security Posture Management (SSPM) solution, despite nearly a third acknowledging they need one.
Lack of clarity, outdated habits
A lack of clarity around the shared responsibility model and default ownership structures further hampers progress. Organizations are urged to rethink outdated habits and adopt streamlined, scalable programs that emphasize continuous validation, proactive hygiene, and the right mix of tools.
AppOmni's report provides not only a snapshot of the current state of SaaS security but also a practical framework to simplify and operationalize defense strategies. With SaaS continuing to serve as a prime target in today's threat landscape—and AI accelerating the complexity—the need for action is immediate.
The full State of SaaS Security 2025 Report is available for download here. AppOmni will also host a webinar on August 20 to review key findings, share real-world lessons, and provide actionable guidance for improving SaaS security posture.
AppOmni will also host a webinar on Aug. 20, 2025 to review key findings, share real-world lessons and provide actionable guidance for improving SaaS security posture.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.