SAN FRANCISCO--()--Wing Security, a leader in SaaS security, today released its SaaS and AI-Risk for Mid-Market Organizations Survey Report in partnership with the Cloud Security Alliance (CSA). The report explores how organizations are addressing Software as a Service (SaaS) security risks, from managing misconfigurations and artificial intelligence (AI)-driven threats to overcoming budgetary constraints and limited tooling. As organizations with around 1,000 employees average close to 700 sanctioned and unsanctioned SaaS applications, the findings highlight the gaps in their current strategies and provide actionable insights for improving their security posture.

By highlighting real-world challenges and priorities in risk management, the report uncovers critical insights for mid-sized security teams striving to stay resilient in an increasingly complex threat landscape. Key findings include:

  • Security Teams are Struggling with a Growing Attack Surface and Tracking Application Use: Only 44% of organizations prioritize protecting all their sanctioned applications, while a mere 17% include unsanctioned ones in this priority.
  • Mid-Market Organizations Prioritize Protecting “Crown Jewels,” Causing Gaps in Security: Many mid-market organizations recognize the critical role of configuration management in their critical apps like Google Workspace, Microsoft 365 and Salesforce, but only 28% report that they are focused on automating configurations across all their applications, leaving many apps unprotected.
  • AI-Related Risks are a Growing Concern, but Organizations Lack a Formal Plan: Only 6% of organizations see compliance as a pressing issue, reflecting an imbalance in risk prioritization that could lead to long-term challenges as AI regulations evolve. ​​Moreover, while 51% of organizations rely on their security teams to manage AI risks, 33% reported that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.
  • SaaS Security Strategy is Hindered by Insufficient Tooling and Reliance on Manual Processes: Currently, 48% of organizations rely on manual processes to manage SaaS risks, and another 48% utilize Cloud Access Security Brokers (CASB) for oversight.

“We see that organizations are concerned about SaaS security and risks posed by AI, but often lack the resources or even the know-how to take the steps to protect their businesses from these threats,” said Ran Senderovitz , Chief Operating Officer at Wing Security. “At Wing, we are working to make SaaS security more manageable, with increased visibility and actionable insights to secure your business and employees. As organizations are using hundreds of sanctioned and unsanctioned SaaS apps, prioritizing covering the risks involved is paramount to a holistic security strategy.”

Organizations need to formalize their AI risk management strategies, clarify accountability, and focus more on compliance. Without addressing these gaps, they will remain vulnerable to emerging AI risks and future regulatory challenges.

The survey was conducted online by CSA in October 2024 and received 406 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.

For more data, insights and recommendations from Wing Security and the CSA, download the full SaaS and AI-Risk for Mid-Market Organizations Report.

About Wing Security

Wing Security is a leading provider of cybersecurity solutions, dedicated to protecting organizations from SaaS-related threats. With cutting-edge technology and a team of expert researchers, Wing Security offers comprehensive security solutions tailored to the unique needs of each organization.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit at www.cloudsecurityalliance.org, and follow on Twitter @cloudsa.