Focusing on SaaS Security Priorities for the Year 2025
In a significant shift, SaaS security has become a top priority for organizations in the Asia Pacific (APAC) region, according to the latest Annual SaaS Security Survey: 2025 CISO Plans and Priorities by the Cloud Security Alliance (CSA), commissioned by SaaS security leader Adaptive Shield.
The report reveals that 71% of APAC organizations find achieving visibility into business-critical apps and monitoring security risks from third-party connected apps as their biggest challenges in managing Software as a Service (SaaS) applications. This is a clear indication of the complexities and potential risks associated with the increasing use of SaaS applications in the region.
To address these challenges, nearly 70 percent of enterprises in APAC are prioritizing investment in SaaS security by establishing dedicated teams. The emergence of SaaS-specific security roles was identified for the first time in the annual survey, with 68% of APAC respondents confirming they have such dedicated teams.
The survey also highlights the growing importance of SaaS Security Posture Management (SSPM) in ensuring comprehensive visibility into the SaaS environment. Companies that have adopted SSPM are more likely to have full visibility into their SaaS stack, with 62% of these organizations overseeing over 75% of their SaaS environment, compared to those using other tools and manual processes (31%).
However, APAC enterprises reported weaker SaaS security capabilities in areas such as threat detection, third-party connected apps risk mitigation, and SaaS security misconfiguration remediation. For instance, 43% of APAC respondents can detect abnormal activity, 46% can detect MFA changes, and 59% can detect logins from different locations in SaaS applications, with lower rates compared to the Americas and Europe.
The threat of SaaS breaches is larger than ever, and SaaS security has surged to the forefront of corporate agendas. Business-critical apps such as Microsoft 365, Google Workspace, GitHub, Bitbucket, and Jira are the most difficult apps to secure, according to APAC respondents.
To combat these challenges, more than half of enterprises in APAC added headcount to their SaaS security programs in 2023. The role of SaaS security is cross-functional, overlaying multiple areas that are rarely touched by just a single team, according to the CSA.
In a concerning development, APAC saw a spike in cyber attacks in 2023. Australia saw a 23% spike in cyber attacks, Singapore recorded a 52.9% increase, and organizations in India reported 15% more cyber attacks. To counteract this, organizations in the region increased their SaaS security budget in 2023 compared with 2022.
While APAC lags behind the Americas and Europe in terms of solutions to manage identity-based SaaS threats and third-party connected app risk, it is encouraging to see that 53% of APAC organizations have a solution to manage identity-based SaaS threats.
The most widely used SaaS security solution in Europe for managing identity-based SaaS threats is the CyberArk identity security platform, which provides comprehensive identity security including privilege controls, lifecycle management, adaptive Multi-Factor Authentication (MFA), and threat prevention across SaaS, hybrid, and cloud environments.
As organizations in APAC continue to adopt and rely on SaaS applications, it is crucial that they invest in robust SaaS security measures to protect their business-critical apps and data. With 66% of APAC organizations making SaaS security a high or moderate priority, it seems that the region is moving in the right direction.
Read also:
- Trump announces agreement with Chinese authorities on TikTok deal
- List of 2025's Billionaire Video Game Moguls Ranked by Fortune
- Dynamic exchange of power and data is shaping the network of tomorrow
- Italy passes legislation regulating AI, focusing on privacy protection, supervision, and safeguards for minors
