Obsidian Report: 300 Percent Surge in SaaS Breaches in 2025

Obsidian Security, the pioneer in Software as a Service (SaaS) security, released its inaugural 2025 SaaS Security Threat Report, revealing an unprecedented 300% year-over-year increase in SaaS breaches between September 2023 to 2024. This surge in attacks has impacted organizations across all sectors, including major technology and telecommunications companies like Microsoft and AT&T who experienced significant breaches during this period. This dramatic surge comes as organizations increasingly rely on SaaS applications with current spend on SaaS in the hundreds of billions, or approximately $8,700 per employee for tools such as Workday, Google Workspace, ServiceNow, and Office 365.

Cyber Technology Insights: Fenix24 Acquires vArmour to Enhance Cyber Resilience

“The quality of malicious tradecraft is improving to rapidly exploit identity and configuration weaknesses to the fullest.”

Having built the industry’s largest SaaS breach data repository and through direct involvement in over 150 incident responses alongside leading firms like GuidePoint and Kroll, Obsidian Security unveils critical findings that reshape our understanding of the current threat landscape:

• The critical importance of securing SaaS identities, Obsidian data showing 99% of SaaS compromises originate at the identity provider (IdP).Although IdPs help manage access, if they are compromised, attackers can gain lateral movement across entire systems, putting sensitive data at risk.
• While Multi-Factor Authentication (MFA) is commonly viewed as essential, Obsidian’s data uncovers that MFA failed to prevent attacks in 84% of incident responses. MFA alone is insufficient, bringing to light the need for more robust, layered security solutions to defend against modern threats.
• SaaS breaches unfold at an alarming speed. Obsidian’s data observed the fastest time from initial access to data exfiltration was in as little as 9 minutes. Traditional security controls cannot respond quickly enough, increasing the risk of rapid data loss and necessitating real-time monitoring and response strategies.

“The data is stark and unmistakable; securing the identity and its dynamic relationship with services and applications should be the first task for every security team,” said Glenn Chisholm, CPO of Obsidian Security. “Our unmatched dataset of real-life, real-time SaaS compromise telemetry, combined with our knowledge graph of identities across hundreds of large enterprises has allowed Obsidian Security to build AI models with unmatched efficacy. These AI and LLM models continuously learn and adapt to catch attackers before they breach an organization’s environment through SaaS.”

Obsidian Security’s ongoing research and unique insights have directly influenced updates to the MITRE ATT&CK framework, particularly in how identity-based attacks in SaaS environments are categorized and addressed. This contribution underscores Obsidian’s leadership role in shaping industry-wide security standards.

“In our breach response and intelligence work, we’re increasingly seeing that threat actors recognize the relatively vulnerable state of interconnected SaaS applications as fertile hunting grounds,” says Jim Hung, Associate Managing Director, SPARK, Cyber Risk at Kroll. “The quality of malicious tradecraft is improving to rapidly exploit identity and configuration weaknesses to the fullest.”

Emerging Threats and Predictions

The report also highlights critical emerging risks in SaaS environments:

• SaaS Integration Vulnerabilities: The proliferation of third-party applications has created new attack vectors, with Microsoft integration abuse becoming increasingly prevalent
• AI Application Risks: Organizations typically deploy around 100 AI applications, with 60% lacking proper security controls or federation behind the IdP
• Shadow SaaS Expansion: Unauthorized applications continue to connect to core environments, significantly increasing security risks

The average cost of a SaaS breach has risen to $4.88 million², yet security investment in this area continues to lag behind the rapid adoption of SaaS solutions. This disparity creates an urgent need for organizations to reassess their security strategies and investments.

Cyber Technology Insights: Zimperium Unveils PDF-Based Cyber Threat Targeting Mobile

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com

Source – Businesswire