Data leaks top SaaS security incidents, IT pros say

Over 55% of security executives said they experienced a security incident in their software-as-a-service (SaaS) environment over the last two years, a 12% increase from the previous year, according to a Cloud Security Alliance survey.

The annual survey, conducted in March by the nonprofit CSA, revealed a third of respondents (32%) did not have an incident over the last two years, while 12% said they did not know. SaaS security firm Adaptive Shield sponsored the survey.

Data leakage topped the types of security incidents experienced by the 1,130 IT and security professionals who responded to the online poll at 58%, followed by malicious apps at 47%, data breaches (41%) and ransomware (40%). 

The types of incidents, along with the 58% of respondents who said their current SaaS security solutions cover 50% or less of their SaaS applications, highlighted the growing need for robust security measures and increased awareness of the risks associated with expanding the SaaS landscape, the report’s authors wrote.

The report also noted that CISOs and security managers are shifting from being the controllers of SaaS app security to governing them as the ownership is spread out through all the different departments of their organization. But as many of the respondents head departments or are in executive-level positions, businesses are taking SaaS security seriously.

“The involvement of key decision-makers underscores the growing recognition of the critical role that SaaS security plays in protecting valuable assets and ensuring operational continuity,” the report said. “However, with so many individuals involved, it can become challenging to determine who is ultimately responsible for SaaS security.”

A large majority of respondents, 71%, said their organizations have increased their investment in security tools for SaaS, as well as investing in hiring and training staff on SaaS security (68%), according to the survey.