Emerging threats include vulnerabilities in SaaS integrations, risks associated with AI applications, and the expansion of unauthorized "shadow" SaaS applications. The average cost of a SaaS breach has risen to $4.88 million, yet security investments lag behind the rapid adoption of SaaS solutions. Obsidian Security's findings have influenced updates to the MITRE ATT&CK framework, highlighting the need for organizations to reassess their security strategies. The report is available for further insights, and Obsidian offers solutions to reduce the SaaS attack surface by 85%.
Key takeaways:
- Obsidian Security's 2025 SaaS Security Threat Report reveals a 300% year-over-year increase in SaaS breaches, primarily due to identity compromises.
- 99% of SaaS compromises originate at the identity provider, highlighting the critical importance of securing SaaS identities.
- Multi-Factor Authentication (MFA) failed to prevent attacks in 84% of incident responses, indicating the need for more robust security solutions.
- The average cost of a SaaS breach has risen to $4.88 million, yet security investment in this area lags behind the rapid adoption of SaaS solutions.