Grip Security has released its 2025 SaaS Security Risks report, revealing alarming data about unmanaged SaaS applications. The report finds that 90% of SaaS applications and 91% of AI tools within organizations remain unmanaged, highlighting a significant security vulnerability. Key findings include a 40% increase in the number of SaaS applications used in enterprises over the past two years and an 85% rise in accounts per user. Additionally, 73% of provisioned users never utilize their SaaS application licenses. The rise of Shadow SaaS, where applications are used without IT’s oversight, poses risks such as data breaches and compliance issues. According to Gartner, by 2027, 75% of employees will use technologies outside IT’s control. Grip’s CEO, Lior Yaari, emphasizes the need for real-time visibility into these applications and a risk governance strategy to mitigate these risks effectively.
A recent report by Channel Mastered, developed for SaaS Alerts, reveals that cloud vulnerabilities have overtaken ransomware as the top threat for managed service providers, or MSPs. The survey found that over 30% of MSPs reported moderate impacts from the shift to software as a service, with 22% experiencing significant disruption to their on-premises revenue streams. Despite these challenges, 65% of MSPs reported generating at least $50,000 in additional monthly recurring revenue from SaaS security solutions last year. However, the operational burden is notable, with 45% of MSPs spending at least five hours weekly managing SaaS security applications.
In a revealing report by AppOmni, nearly 34% of security practitioners are unaware of how many SaaS applications their organizations use, highlighting a significant security blind spot. The report states that only 15% of organizations centralize SaaS security within their cybersecurity teams, leading to a culture where security is often overlooked. Alarmingly, 31% of security decision-makers reported that their organizations suffered a data breach, a five-point increase from the previous year. The report emphasizes the critical need for a proactive security culture, where both business units and security teams collaborate to mitigate risks associated with decentralized SaaS app procurement.
Why do we care?
The confluence of reports clearly signals that SaaS security is becoming an area of critical vulnerability, and the associated risks are rising faster than many organizations’ ability to manage them. For MSPs, the implication is clear: there’s a lucrative opportunity in specializing in SaaS security and governance services, but it demands investment in automation, policy standardization, and a proactive approach to client education on SaaS risks. This isn’t groundbreaking, yet also clearly not solved.

