A third of companies don't know who is managing their AI risks

While 51 percent of organizations rely on their security teams to manage AI risks, 33 percent say that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.

A new report from Wing Security and the Cloud Security Alliance also highlights that only 44 percent of organizations prioritize protecting all their sanctioned applications, while a mere 17 percent include unsanctioned ones as a priority.

SaaS security is also being hindered by a lack of resources. Currently, 48 percent of organizations rely on manual processes to manage SaaS risks, and another 48 percent utilize Cloud Access Security Brokers (CASB) for oversight.

"We see that organizations are concerned about SaaS security and risks posed by AI, but often lack the resources or even the know-how to take the steps to protect their businesses from these threats," says Ran Senderovitz, chief operating officer at Wing Security. "At Wing, we are working to make SaaS security more manageable, with increased visibility and actionable insights to secure your business and employees. As organizations are using hundreds of sanctioned and unsanctioned SaaS apps, prioritizing covering the risks involved is paramount to a holistic security strategy."

Although many mid-market organizations recognize the critical role of configuration management in their critical apps like Google Workspace, Microsoft 365 and Salesforce, only 28 percent report that they are focused on automating configurations across all their applications, leaving many apps unprotected.

The report concludes that organizations need to formalize their AI risk management strategies, clarify accountability, and focus more on compliance. Without addressing these gaps, they will remain vulnerable to emerging AI risks and future regulatory challenges.

You can get the full SaaS and AI-Risk for Mid-Market Organizations Report from the Wing site.

Image credit: Retrosesos/Dreamstime.com