2025年中间市场企业SaaS人工智能风险调查报告

2025 Survey Report © 2025 Cloud Security Alliance – All Rights Reserved. You may download, store, display on yourcomputer, view, print, and link to the Cloud Security Alliance at https://cloudsecurityalliance.orgsubject to the following: (a) the draft may be used solely for your personal, informational, non-commercial use; (b) the draft may not be modified or altered in any way; (c) the draft may not beredistributed; and (d) the trademark, copyright or other notices may not be removed. You may quoteportions of the draft as permitted by the Fair Use provisions of the United States Copyright Act,provided that you attribute the portions to the Cloud Security Alliance. Acknowledgments Lead Author Hillary Baron Contributors Josh BukerMarina BregkouRyan GiffordSean HeideAlex KaluzaJohn Yeoh Graphic Design Claire LehnertStephen Lumpe Special Thanks Ran Senderovitz and Brian Fravel About the Sponsor Wing Security is dedicated to protecting organizations fromSaaS-related threats. With comprehensive SaaS SecurityPosture Management (SSPM) and Identity Threat Detectionand Response (ITDR), Wing’s platform provides continuousvisibility and control over critical apps, SaaS configurations,and app-to-app connectivity. Designed to simplify SaaSsecurity management, Wing equips security teams with essential context and flexible remediationcapabilities to address SaaS risks effectively, ensuring smooth business operations and continuity. https://wing.security/ Table of Contents Acknowledgments...............................................................................................................................3Executive Summary.............................................................................................................................5Key Findings at a Glance................................................................................................................5Key Findings........................................................................................................................................6Key Finding 1: Security Teams Are Struggling with a Growing Attack Surfaceand Tracking Application Use.........................................................................................................6Key Finding 2: Mid-Market Organizations Prioritize Critical Apps Protection Resultingin Security Gaps.............................................................................................................................7Key Finding 3: AI-Related Risks Are a Growing Concern, but Organizations Lack a Formal Plan...9Key Finding 4: SaaS Security Strategy Is Hindered by Insufficient Tooling and Reliance onManual Processes.......................................................................................................................10Key Finding 5: SaaS Security Embedded and Growing Through Current Securityand IT Initiatives..........................................................................................................................12Full Survey Results.............................................................................................................................15Overview.....................................................................................................................................15SaaS Risks....................................................................................................................................16AI Risks and Concerns in SaaS.....................................................................................................19Budget and Plans for the Future..................................................................................................21Demographics...................................................................................................................................23Survey Methodology and Creation....................................................................................................24Goals of the Study.......................................................................................................................24 Executive Summary Mid-market organizations are facing a growing challenge: managing an expanding Software as aService (SaaS) environment with fewer resources than larger enterprises. This report explores howthese organizations are addressing SaaS security risks, from managing misconfigurations and artificialintelligence (AI)-driven threats to overcoming budgetary constraints and limited tooling. The findingshighlight the gaps in their current strategies and provide actionable insights for improving theirsecurity posture. Key Findings at a Glance organizations have dedicated teams addressingthem. The absence of a unified strategy and clearaccountability leaves organizations vulnerable toevolving threats and compliance challenges. 1. A Growing Attack Surface Mid-market organizations are grappling withmanaging the large volume of