
2025 SaaS Security Predictions: What Every CISO Needs to Know

If your 2025 New Year’s resolutions don’t include assessing SaaS-related risks, it’s time to rethink priorities. Over the past four years, we’ve analyzed the usage of 350,000+ SaaS applications, across hundreds of organizations and studied all publicly known SaaS breaches. From these insights, five critical predictions have emerged, underscoring the need to expand security priorities to SaaS services with a sharp focus on identity integrity.

Prediction 1: SaaS adoption accelerates by more than 30% due to AI

AI-driven SaaS models like ChatGPT, Gemini, and Claude are revolutionizing workflows but they are also exposing security gaps. While most security professionals focused on the safe usage of these models within their orgs, a bigger risk emerged. The rush to adopt AI-embedded tools has increased interconnected non-human identities that enable app-to-app integrations and data sharing, creating backdoors for attackers.

In 2024, over 10,000 AI-powered SaaS tools were identified. The productivity gains they offer are so compelling that their adoption is effectively unstoppable. By 2027, mid-market organizations are projected to use well over 1,000 SaaS apps, up from 750 in 2024. Employees will connect their identities to more than 40 services on average, a 30% rise from 2024, amplifying unmanaged risks.

Tools like Cloud Access Security Brokers (CASBs) offer visibility but lack the ability to monitor app-to-app integrations or token permissions. Without addressing these gaps, security teams remain blind to critical risks.

Prediction 2: Human and machine identities: The weakest link

Managing SaaS identities is becoming a major challenge. Legacy solutions often focus on Active Directory or stand-alone IAM tools, leaving up to 80% of the SaaS identity attack surface uncovered. Machine identities, app-to-app integrations, and unmanaged tokens outnumber human users by up to 5:1, further amplifying risks.

Critical vulnerabilities include:

  • Misconfigured access settings.
  • Weak or absent multi-factor authentication (MFA).
  • Unused tokens prone to exploitation.

For instance, many organizations assume their MFA setups are robust. However, when checked by external monitoring tools, 27% of Microsoft-based organizations and 18% of Google-based organizations have at least one administrator without MFA.

To address these challenges, organizations are likely to deploy tools that will:

  • Discover and manage human, machine, and service identities.
  • Proactively fix misconfigurations, a leading cause of breaches.
  • Use Identity Threat Detection and Response (ITDR) tools for SaaS environments.

Without these measures, the complexity of SaaS environments will outpace security efforts, significantly increasing breach risks.
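The checks listed above (administrators without MFA, unused tokens, the machine-to-human identity ratio) can be run over an exported identity inventory. The following is an added illustration, not code from the original post or from any vendor tool; the record layout and the sample inventory are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample inventory (not real data) of human and machine SaaS
# identities, shaped like an export from an identity discovery tool.
# Field names are assumptions for this example.
@dataclass(frozen=True)
class Identity:
    name: str
    app: str
    kind: str          # "human" or "machine" (token, service account, integration)
    is_admin: bool
    mfa_enabled: bool  # only meaningful for humans; tokens carry no MFA
    last_used: date

INVENTORY = [
    Identity("alice", "microsoft365", "human", True, True, date(2024, 12, 20)),
    Identity("bob", "microsoft365", "human", True, False, date(2024, 12, 18)),
    Identity("carol", "salesforce", "human", False, False, date(2024, 11, 2)),
    Identity("crm-sync-token", "salesforce", "machine", True, False, date(2024, 6, 1)),
    Identity("slack-bot", "slack", "machine", False, False, date(2024, 12, 19)),
    Identity("old-ci-token", "github", "machine", False, False, date(2024, 3, 15)),
]

def admins_without_mfa(inventory):
    """Human administrators that can still sign in without MFA."""
    return sorted(i.name for i in inventory
                  if i.kind == "human" and i.is_admin and not i.mfa_enabled)

def stale_machine_identities(inventory, today, max_idle_days=90):
    """Tokens and service accounts idle longer than max_idle_days: revoke candidates."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(i.name for i in inventory
                  if i.kind == "machine" and i.last_used < cutoff)

def privileged_machine_identities(inventory):
    """Non-human identities holding admin scope: highest impact if the token leaks."""
    return sorted(i.name for i in inventory if i.kind == "machine" and i.is_admin)

def machine_to_human_ratio(inventory):
    """How far non-human identities outnumber people in this inventory."""
    humans = sum(1 for i in inventory if i.kind == "human")
    machines = sum(1 for i in inventory if i.kind == "machine")
    return machines / humans if humans else float("inf")

if __name__ == "__main__":
    today = date(2024, 12, 31)
    print("admins without MFA:", admins_without_mfa(INVENTORY))
    print("stale machine identities:", stale_machine_identities(INVENTORY, today))
    print("privileged machine identities:", privileged_machine_identities(INVENTORY))
    print("machine:human ratio:", machine_to_human_ratio(INVENTORY))
```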

Prediction 3: Common attackers will accelerate the exploitation of SaaS gaps

Nation-state actors have led the way in exploiting SaaS vulnerabilities, often targeting Identity Access Management (IAM) systems as an entry point. Their advanced tactics—AI-driven attacks, Ransomware-as-a-Service (RaaS), and MFA bypassing—are now accessible to smaller, common criminal enterprises.

High-profile breaches highlight this trend. In the Dropbox Sign breach, attackers compromised privileged service accounts to gain access. Similarly, Cloudflare and Snowflake were targeted through identity misconfigurations. Misconfigurations in critical SaaS applications like Salesforce and Microsoft 365 have become top attack vectors, forcing CISOs to adopt robust SaaS Security Posture Management (SSPM) strategies.

To mitigate these risks, organizations will move to deploy:

  • Continuous configuration monitoring for critical IAM SaaS services.
  • SaaS-focused ITDR solutions to detect and respond to malicious activity.

Prediction 4: Insurers mandate stricter SaaS risk controls

Cyber insurers are tightening requirements, favoring companies with documented SaaS risk assessments. Organizations with strong risk management systems are 25% more likely to secure favorable insurance terms. Yet many tools today don't cover SaaS risks.

Insurers have flagged SaaS vulnerabilities—especially from user-enabled integrations and misconfigured or exposed login panels—as key risk factors.

Discovery platforms are increasingly being deployed by insurers themselves to identify and notify customers of critical SaaS risks, aiming to reduce claims. Fueled by the simplicity of SaaS risk scanner usage, we predict that in 2025 insurers will:

  • Require stricter SaaS exposure scans as a standard.
  • Partner with Managed Security Service Providers (MSSPs) for deeper SaaS assessments.

Organizations that proactively address these requirements will secure better coverage and reduced premiums. SaaS security scanners, which are quick to deploy, offer significant ROI by reducing risk exposure.

Prediction 5: Regulators enforce stricter SaaS compliance

Auditors and regulators are ramping up enforcement of SaaS security controls with stricter interpretations of the requirements. Frameworks like NY-DFS in the U.S. and DORA in the EU are already setting the stage for stricter compliance requirements for third-party information systems, focusing on:

  • Comprehensive discovery of all SaaS connections and integrations.
  • Continuous monitoring of user and non-human access, MFA usage, and least privilege enforcement.

The interpretation of the controls has been inconsistent across auditors, yet we expect the increased dialogue around it to create new deployment standards. By 2025, regulations such as GDPR and CCPA will push organizations toward real-time SaaS oversight. SSPM solutions will become integral to compliance strategies, enabling organizations to detect misconfigurations, secure identities, and maintain compliance seamlessly.

Implications for CISOs

To stay ahead, CISOs must prioritize comprehensive SaaS risk assessments so that their strategy is driven by data rather than intuition.

They will need to continue to adopt proactive security strategies. Key actions include:

  • Extending identity protection into SaaS.
  • Adopting tools to monitor SaaS risks, prioritizing them with frameworks like MITRE ATT&CK.
  • Aligning IAM/IDP configurations with strict frameworks like SCuBA.
  • Extending ITDR (Identity Threat Detection and Response) into SaaS.

Organizations that take these steps will be better positioned to manage evolving SaaS complexities and secure their environments in 2025 and beyond.
