The State of SaaS Security: Setting Priorities for 2025
More than half of enterprises in APAC added headcount to their SaaS security programs in 2023, similar to growth in other regions, a new survey found.
APAC security teams need more advanced tools to detect and prevent cyber attacks on SaaS applications. Nearly 70% of enterprises in APAC are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, according to The Annual SaaS Security Survey: 2025 CISO Plans and Priorities by the Cloud Security Alliance (CSA).
Survey Findings:
- More than half of enterprises in APAC added headcount to their SaaS security programs in 2023.
- APAC is catching up in areas like threat detection and third-party app risk management.
Global security professionals across various industries shared their perspectives on SaaS security successes and challenges as CIOs prepare to set priorities for 2025. APAC is increasingly a target of cyber attacks, including data breaches and ransomware. Australia experienced a 23% spike in cyber attacks, Singapore saw a 52.9% increase, and India reported 15% more cyber attacks.
SaaS Security is More Important Than Ever
The survey indicates a growing importance of SaaS security amid continuous double-digit growth in enterprise adoption of SaaS applications. In APAC, 66% of organizations are making SaaS security a high or moderate priority.
Commenting on the findings, the CSA said: "For years, SaaS security has been an afterthought. However, the landscape depicted in this year’s survey paints a dramatically different picture, where SaaS security has surged to the forefront of corporate agendas."
Investment in SaaS Security is Up
For the first time, the survey identified the emergence of SaaS-specific security roles:
- 68% of APAC respondents confirmed having dedicated teams.
- 49% reported having a team of at least two full-time staffers.
- 19% said they had one person dedicated to securing SaaS applications.
Similar figures were noted in North America, with 51% having a SaaS security team and 17% having one dedicated person.
Organizations in APAC have also increased their SaaS security budgets in 2023 compared to 2022, with 26% reporting a budget increase, slightly behind the 31% in the Americas.
Organizations Are Still Learning to Improve Their SaaS Security
As cyberattack methods evolve, strong identity protection capabilities are essential. Credential theft and unauthorized access pose significant risks in SaaS environments.
Survey results:
- 53% of APAC respondents have a solution for identity-based threats.
- By comparison, 58% of organizations in Europe and 66% in the Americas have these tools.
- 43% of APAC respondents can detect abnormal activity, lower than the 56% in the Americas and similar to the 42% in Europe.
- For detecting MFA changes, 46% in APAC have this capability, compared with 58% in both the Americas and Europe.
SaaS application risk mitigation remains a challenge, with only 32% of APAC respondents managing third-party connected app risk, compared with 50% in the Americas and 36% in Europe. For security misconfiguration remediation, 36% of APAC respondents have a solution, compared with 45% in the Americas and 36% in Europe.
Managing SaaS Security Challenges
While there has been improvement, challenges remain:
- 71% in APAC pointed to achieving visibility into business-critical apps as their biggest challenge.
- Business-critical apps like Microsoft 365, Google Workspace, GitHub, Bitbucket, and Jira are the toughest to secure.
Additional challenges include fixing SaaS misconfigurations (62%), managing applications after mergers and acquisitions (62%), ensuring data governance and privacy (63%), and aligning SaaS application settings with compliance standards (61%).
SSPM Users Handle SaaS Security Challenges Better
Companies using SaaS Security Posture Management (SSPM) tools do better than those using other tools like CASB and manual audits. SSPM users are more than twice as likely to have full visibility into their SaaS stack: 62% can oversee over 75% of their SaaS environment, compared with 31% of those using other tools.
Conclusion
The survey highlights the need for organizations in APAC to improve their SaaS security capabilities using specialized tools. Enhanced measures will help mitigate the risks associated with cyber attacks and keep SaaS applications secure heading into 2025.