More than 70% of organizations in Europe are now making SaaS cybersecurity a priority, aligning with growing global maturity in managing risk in SaaS applications, according to findings of the recent Cloud Security Alliance (CSA) SaaS Security survey.
While Europe is making great strides in SaaS security, as in other regions, many gaps remain to be addressed.
Mitigating risk from third-party applications is the biggest SaaS security challenge, according to European security professionals who participated in the survey.
Moreover, the survey found that malicious applications accounted for the most common type of SaaS security issue in Europe in 2023, with 44% reporting this type of incident.
The Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities was commissioned by SaaS security leader Adaptive Shield. The survey shares the perspective of global security professionals across industries on SaaS security successes and challenges as CISOs prepare for 2025.
“For years, SaaS security has been an afterthought. However, the landscape depicted in this year's survey paints a dramatically different picture, one where SaaS security has surged to the forefront of corporate agendas,” the CSA said in the report.
According to comparative data collected in the survey, here’s a report card on Europe’s SaaS security:
Prioritizing SaaS Security: Keep it Up
The survey shows the growing importance of SaaS security to organizations, amid rapid growth in the SaaS market that is driving enterprises to manage operations and store sensitive corporate data in cloud-based services.
“In an era where SaaS platforms power a wide spectrum of industries, the threat of SaaS breaches looms larger than ever,” the CSA noted in the report.
According to regional data in the survey, 72% of security professionals in Europe rate SaaS security as a moderate to high priority in their organization. Comparatively, in the Americas 70% of respondents said it was a moderate to high priority.
Investment in SaaS Security: Could Do More
The survey found that enterprises are increasingly prioritizing investment in SaaS security, identifying the emergence of dedicated SaaS security teams. In addition, organizations increased their SaaS security budget despite economic uncertainty.
"57% of enterprises have established dedicated SaaS security teams."
In Europe, 57% of enterprises have established dedicated SaaS security teams. This compares with 68% overall for dedicated teams in the Americas.
On the budget front, 26% of European enterprises increased their SaaS security budget in 2023, compared with 31% in the Americas.
SaaS Security Capabilities: Good Progress, but Room for Growth
Organizations have significantly improved key SaaS security capabilities compared to the previous year.
Visibility into the SaaS stack is increasing, including the ability to monitor user roles, permissions, access, and level of user activity within SaaS applications. In Europe, 54% reported moderate to full visibility into applications, compared with 63% in the Americas.
Full visibility is pivotal for effective configuration and user management. It also plays a crucial role in identifying mistakenly or unwanted publicly shared data resources, such as documents and repositories.
On the threat detection front, 59% of EMEA respondents reported being able to detect logins from different locations compared with more than 66% of their colleagues in the Americas. Fewer EMEA companies are able to detect abnormal download activity (42% vs 55%). However, EMEA companies were equal to their peers in the Americas in detecting MFA changes, at 58%.
Managing SaaS Security Challenges
While organizations have improved SaaS security oversight, major challenges remain for Europe, especially in the area of third-party connected apps.
"Only 36% of European enterprises have a solution to manage third-party connected apps risk mitigation."
According to the data, only 36% of European enterprises have a solution to manage third-party connected apps risk mitigation, compared with 51% of respondents from the Americas region.
Nearly 80% of respondents from Europe pinpointed the most difficulty with tracking and monitoring security risks from third-party connected apps. Counterparts in the Americas rated this area of security with 63% difficulty.
Additionally, 74% of the Europeans said they had difficulty achieving visibility into security risks in business-critical apps compared with 62%.
Final Grade
The survey found companies that have adopted SaaS Security Posture Management (SSPM) are faring better than those using other tools, such as CASB and manual audits, to secure the SaaS stack.
SSPM users are more than twice as likely to have full visibility into their SaaS stack. SSPM users were also more likely to find key SaaS Security tasks to be twice as easy, while non-SSPM users found these tasks, which include managing misconfigurations and monitoring third-party applications, to be very hard.
The survey highlights the importance for European countries to improve their SaaS security capabilities using tools developed for SaaS. This can reduce the gaps they are experiencing, especially in third-party risk mitigation, and reduce the likelihood of an incident in the future. With EMEA SaaS security behind counterparts in the Americas, decision-makers should note the integration of SSPM emerging as a factor in enhancing an organization's SaaS security.