Wing Security, a leader in SaaS security, released its SaaS and AI-Risk for Mid-Market Organizations Survey Report in partnership with the Cloud Security Alliance (CSA). The report explores how organizations are addressing Software as a Service (SaaS) security risks, from managing misconfigurations and artificial intelligence (AI)-driven threats to overcoming budgetary constraints and limited tooling. As organizations with around 1,000 employees average close to 700 sanctioned and unsanctioned SaaS applications, the findings highlight the gaps in their current strategies and provide actionable insights for improving their security posture.

Cyber Technology Insights: Torq Reports 300 Percent Revenue Growth, 200 Percent Employee Rise

“We see that organizations are concerned about SaaS security and risks posed by AI, but often lack the resources or even the know-how to take the steps to protect their businesses from these threats”

By highlighting real-world challenges and priorities in risk management, the report uncovers critical insights for mid-sized security teams striving to stay resilient in an increasingly complex threat landscape. Key findings include:

  • Security Teams are Struggling with a Growing Attack Surface and Tracking Application Use: Only 44% of organizations prioritize protecting all their sanctioned applications, while a mere 17% include unsanctioned ones in this priority.
  • Mid-Market Organizations Prioritize Protecting “Crown Jewels,” Causing Gaps in Security: Many mid-market organizations recognize the critical role of configuration management in their critical apps like Google Workspace, Microsoft 365 and Salesforce, but only 28% report that they are focused on automating configurations across all their applications, leaving many apps unprotected.
  • AI-Related Risks are a Growing Concern, but Organizations Lack a Formal Plan: Only 6% of organizations see compliance as a pressing issue, reflecting an imbalance in risk prioritization that could lead to long-term challenges as AI regulations evolve. ​​Moreover, while 51% of organizations rely on their security teams to manage AI risks, 33% reported that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.
  • SaaS Security Strategy is Hindered by Insufficient Tooling and Reliance on Manual Processes: Currently, 48% of organizations rely on manual processes to manage SaaS risks, and another 48% utilize Cloud Access Security Brokers (CASB) for oversight.

“We see that organizations are concerned about SaaS security and risks posed by AI, but often lack the resources or even the know-how to take the steps to protect their businesses from these threats,” said Ran Senderovitz , Chief Operating Officer at Wing Security. “At Wing, we are working to make SaaS security more manageable, with increased visibility and actionable insights to secure your business and employees. As organizations are using hundreds of sanctioned and unsanctioned SaaS apps, prioritizing covering the risks involved is paramount to a holistic security strategy.”

Organizations need to formalize their AI risk management strategies, clarify accountability, and focus more on compliance. Without addressing these gaps, they will remain vulnerable to emerging AI risks and future regulatory challenges.

The survey was conducted online by CSA in October 2024 and received 406 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.

Cyber Technology Insights: Hypori Raises $12M to Boost Zero Trust BYOD Adoption

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com

Source – Businesswire