The State of SaaS Security Posture Management Report by cybersecurity [1] [2] [3] [4] company AppOmni highlights the growing recognition of SaaS cybersecurity as a critical aspect of the cyber threat landscape. This report presents key findings from a survey of over 600 IT, cybersecurity, and business leaders at medium-sized organizations.


According to the report, 71% of organizations rate their SaaS cybersecurity maturity level as mid-high or the highest level [4]. However, despite this confidence, 79% of organizations reported SaaS cybersecurity incidents in the past year [2] [4], even with cybersecurity policies in place [1] [4]. These incidents often resulted from preventable issues such as over permissioned users [2], app misconfigurations [1] [2], and human error-related data exposures [2].

The report also emphasizes the underestimated risk of SaaS applications [2] [4], with enterprises investing more in SaaS services than Infrastructure-as-a-Service (IaaS) services [4]. It highlights the need for improved SaaS protection [4], as traditional cybersecurity tools and procedures are no longer sufficient [4]. The report identifies three key misunderstandings in SaaS cybersecurity: misconceptions about SaaS data security [4], overconfidence in the extent of SaaS cyber risk visibility [1] [4], and misreading the SaaS cyber threat model [2] [4]. It also highlights the lack of SaaS compliance monitoring [4], which poses further risk to organizations in advanced economies [4].

Furthermore, the report reveals that SaaS data breaches can have devastating consequences, with the average cost of a data breach reaching $4.45 million in 2023. It acknowledges the productivity benefits of SaaS, with nearly 45% of respondents using over 100 SaaS apps. However, it warns that SaaS applications carry hidden risks, and organizations often lack continuous visibility into SaaS applications after pre-procurement due diligence. Monitoring and detecting SaaS-to-SaaS connections are also limited or non-existent [1], increasing the risk of attack.


The report underscores the need for organizations to prioritize SaaS cybersecurity and invest in robust protection measures. It highlights the impacts of SaaS incidents and data breaches, emphasizing the significant financial costs involved. The report also calls for improved understanding of SaaS cybersecurity risks and the implementation of effective compliance monitoring. As organizations increasingly rely on SaaS applications, it is crucial to address these challenges to mitigate future cyber threats and protect sensitive data.