VendorsCloud Security Alliance
Cloud Security Alliance
Cybersecurity reports and statistics published by Cloud Security Alliance
8 categories2 reports
Research Reports
Reports and publications from Cloud Security Alliance
Recent Statistics & Reports
Organizations that patch vulnerabilities within 24 hours are breached by a known vulnerability at a 77% rate.
6/6/2026•
Vulnerability ExploitationPatch ManagementVulnerability Management
92% of organizations prioritizing risk identification before deployment experience a known-vulnerability incident in the past year.
6/6/2026•
Risk IdenitificationVulnerability Management
Only 9% of organizations remediate critical or high-severity vulnerabilities in production within 24 hours.
6/6/2026•
Vulnerability Management
91% of organizations that report being "very confident" in their AppSec strategy still experience a production incident that bypasses pre-production controls.
6/6/2026•
AppSecOperational Risk
74% of organizations remediate critical or high-severity vulnerabilities in production within 1 to 7 days.
6/6/2026•
Vulnerability Management
82% of organizations cannot see AI runtime behavior in real time.
6/6/2026•
AI SecurityRuntime MonitoringAI Runtime Behavior
70% of organizations have AI-powered components in production.
6/6/2026•
AI AdoptionApplication Security
73% of organizations would adopt virtual patching that reliably blocks production exploits with minimal false positives.
6/6/2026•
Virtual Patching
42% of organizations plan to invest more in runtime security over the next 24 months.
6/6/2026•
Security InvestmentRuntime SecurityBudget
Organizations that remediate vulnerabilities in 4–7 days are breached by a known vulnerability at a 97% rate.
6/6/2026•
Vulnerability ManagementVulnerability Exploitation
57% of organisations reported they are grappling with fragmented SaaS security administration.
4/22/2025•
SaaSFragmentation
46% of organisations are struggling to monitor non-human identities (NHIs).
4/22/2025•
SaaSNon-human identities
55% of respondents shared that employees are adopting SaaS tools without security's involvement.
4/22/2025•
SaaS
79% of organisations expressed confidence in their security programs.
4/22/2025•
SaaSSecurity program
54% of organisations lacked automation for lifecycle management.
4/22/2025•
SaaSAutomationLifecycle management
63% of organizations report external data oversharing and 56% say employees upload sensitive data to unauthorized SaaS apps.
4/22/2025•
SaaSData exposure
56% of organisations concerned with over-privileged API access.
4/22/2025•
SaaSAPI
Too many organisations are relying on fragmented strategies, such as vendor-native tools (69%), general-purpose solutions like Cloud Access Security Brokers (CASBs) (43%), and manual audits (46%)
4/22/2025•
SaaSFragmentation
58% of respondents said enforcing proper privilege levels was difficult.
4/22/2025•
SaaSPrivileges
SaaS security is a top priority for 86% of organisations, with 76% increasing their budgets this year.
4/22/2025•
SaaSBudget