TLDR:
Almost a third of global organizations suffered a breach of data in their SaaS applications last year, according to a report by AppOmni. Key contributing factors include a lack of awareness about cybersecurity posture, cybersecurity accountability, visibility into SaaS applications, and poor policy enforcement.
- 31% of organizations experienced SaaS data breaches last year
- Key factors contributing to breaches include lack of awareness, accountability, visibility, and policy enforcement
Full Article
According to a report by AppOmni, almost a third (31%) of global organizations experienced data breaches in their SaaS applications in the past year. The report surveyed 644 enterprises in six countries and identified key contributing factors to these breaches.
One major issue highlighted in the report is the lack of awareness about cybersecurity posture among organizations. Despite this, 72% of respondents claimed their organization has a mature SaaS cybersecurity program rating. Additionally, 50% of respondents attributed responsibility for securing SaaS to business owners, rather than centralized cybersecurity teams.
Another concerning finding was the lack of visibility into SaaS applications, with 49% of respondents using Microsoft 365 reporting fewer than 10 connected applications, despite data indicating an average of 1000+ connections. Alongside this, poor policy enforcement was identified as a significant issue, with only 34% of respondents strictly enforcing policies to ensure sanctioned apps are used.
Organizations are primarily concerned about losing intellectual property (34%), reputational damage (30%), and breaches of customer data (27%). Confidence in the security of corporate and customer data stored in SaaS apps has decreased to just 32% from 42% the previous year.
AppOmni recommended three best practices to help mitigate the risk of SaaS data breaches. These include tracking data closely for risk visualization, implementing strong policy controls with single sign-on and multi-factor authentication, and monitoring apps continuously to prevent configuration drift.
In conclusion, the report highlights the alarming frequency of SaaS data breaches and the key factors contributing to these incidents. Organizations must prioritize cybersecurity awareness, accountability, visibility, and policy enforcement to protect their data and prevent future breaches.