Report by Obsidian Security
SaaS Security Threat Report 2025
Key Findings
The fastest time from initial access to data exfiltration was 9 minutes.
There was a 300% year-over-year increase in SaaS breaches between September 2023 and 2024.
SaaS spend is approximately $8,700 per employee.
85% of SaaS breaches began with a compromised identity.
Adversary-in-the-middle (AiTM) attacks accounted for 39% of these incidents.
MFA failed to prevent attacks in 84% of incident responses.
Organizations typically deploy around 100 AI applications, with 60% lacking proper security controls or federation behind the IdP.
The average cost of a SaaS breach has risen to $4.88 million.
Organizations can achieve an 85% reduction in their SaaS attack surface with better security measures.
The healthcare sector experienced the highest number of SaaS breaches between September 2023 and 2024, accounting for 14% of the total. It was followed by state and local government at 13% and financial services at 11%.
Other credential compromise techniques used to target SaaS applications included self-service password reset (24%), single-factor password guessing (14%), and push fatigue (13%).
99% of SaaS compromises originate at the identity provider (IdP).