
Obsidian Security Launches 2025 SaaS Security Threat Report Revealing 300% Year-Over-Year Surge in SaaS Breaches

Almost every breach resulted from identity compromise, making SaaS identities the new frontline for cyber attacks

Obsidian Security, the pioneer in Software as a Service (SaaS) security, today released its inaugural 2025 SaaS Security Threat Report, revealing an unprecedented 300% year-over-year increase in SaaS breaches between September 2023 and 2024. This surge in attacks has impacted organizations across all sectors, including major technology and telecommunications companies like Microsoft and AT&T, which experienced significant breaches during this period. The surge comes as organizations increasingly rely on SaaS applications, with current spend on SaaS in the hundreds of billions, or approximately $8,700 per employee for tools such as Workday, Google Workspace, ServiceNow, and Office 365¹.

Having built the industry’s largest SaaS breach data repository and through direct involvement in over 150 incident responses alongside leading firms like GuidePoint and Kroll, Obsidian Security unveils critical findings that reshape our understanding of the current threat landscape:

  • Securing SaaS identities is critically important: Obsidian data shows that 99% of SaaS compromises originate at the identity provider (IdP). Although IdPs help manage access, attackers who compromise them can move laterally across entire systems, putting sensitive data at risk.
  • While Multi-Factor Authentication (MFA) is commonly viewed as essential, Obsidian’s data uncovers that MFA failed to prevent attacks in 84% of incident responses. MFA alone is insufficient, bringing to light the need for more robust, layered security solutions to defend against modern threats.
  • SaaS breaches unfold at an alarming speed. In Obsidian’s data, the fastest time from initial access to data exfiltration was as little as 9 minutes. Traditional security controls cannot respond quickly enough, increasing the risk of rapid data loss and necessitating real-time monitoring and response strategies.

“The data is stark and unmistakable; securing the identity and its dynamic relationship with services and applications should be the first task for every security team,” said Glenn Chisholm, CPO of Obsidian Security. “Our unmatched dataset of real-life, real-time SaaS compromise telemetry, combined with our knowledge graph of identities across hundreds of large enterprises has allowed Obsidian Security to build AI models with unmatched efficacy. These AI and LLM models continuously learn and adapt to catch attackers before they breach an organization’s environment through SaaS.”

Obsidian Security’s ongoing research and unique insights have directly influenced updates to the MITRE ATT&CK framework, particularly in how identity-based attacks in SaaS environments are categorized and addressed. This contribution underscores Obsidian’s leadership role in shaping industry-wide security standards.

“In our breach response and intelligence work, we’re increasingly seeing that threat actors recognize the relatively vulnerable state of interconnected SaaS applications as fertile hunting grounds,” says Jim Hung, Associate Managing Director, SPARK, Cyber Risk at Kroll. “The quality of malicious tradecraft is improving to rapidly exploit identity and configuration weaknesses to the fullest.”

Emerging Threats and Predictions

The report also highlights critical emerging risks in SaaS environments:

  • SaaS Integration Vulnerabilities: The proliferation of third-party applications has created new attack vectors, with Microsoft integration abuse becoming increasingly prevalent
  • AI Application Risks: Organizations typically deploy around 100 AI applications, with 60% lacking proper security controls or federation behind the IdP
  • Shadow SaaS Expansion: Unauthorized applications continue to connect to core environments, significantly increasing security risks

The average cost of a SaaS breach has risen to $4.88 million², yet security investment in this area continues to lag behind the rapid adoption of SaaS solutions. This disparity creates an urgent need for organizations to reassess their security strategies and investments.
