A new report from AppOmni has uncovered a troubling contradiction in enterprise security: while most organizations believe their SaaS environments are secure, 75% have suffered a breach or incident in the past year.
Polling over 800 security leaders, the study highlights a growing risk in SaaS applications—now among the most targeted areas of enterprise infrastructure. Despite this, SaaS remains one of the least protected segments, as businesses continue adopting dozens, sometimes hundreds, of apps without sufficient oversight.
Notably, 89% of respondents claimed confidence in their SaaS security posture. Yet AppOmni CEO Brendan O’Connor warns this reflects a dangerous “illusion of control.” He emphasized, “These threats aren’t hypothetical. They’re happening now — and too many companies are unprepared.”
The report pinpoints key concerns: 57% fear data breaches and IP loss, while 37% worry about compromised customer information. Artificial intelligence is adding new complexity, with 61% predicting it will dominate future security strategies—particularly in managing access and non-human identities.
Despite the urgency, only 13% of enterprises currently use a dedicated SaaS Security Posture Management (SSPM) tool, even though nearly one-third acknowledge the need for one. AppOmni also noted alarming gaps in basic security hygiene: 41% of incidents stemmed from permission issues, while 29% were due to misconfigurations.
The study also found that many firms rely on outdated or infrequent risk assessments. Only 43% conduct continuous monitoring, while 52% use periodic reviews, leaving significant vulnerabilities unchecked.
Perhaps most concerning, over half of companies place excessive trust in SaaS vendors instead of verifying security internally. Only 16% assign SaaS security exclusively to their security teams; 43% delegate it across business units.
O’Connor concluded, “Trusting providers is not a strategy. Enterprises must shift from reactive practices to proactive, structured security protocols with clear accountability and constant visibility.”
Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.
News Source: ITPro.com
