SaaS is soaring. Data resilience is not. 

SaaS now sits at the center of how teams work. Nearly every organization has added more apps over the last two to three years. The average company runs about 139 SaaS applications today, and that number climbs to 159 among organizations that have faced multiple breaches. The pattern is straightforward. As portfolios grow, exposure grows with them.

Security incidents are no longer rare. Sixty-five percent of organizations reported a SaaS-related breach in the past year. This is true across industries and regions, and the likelihood of a breach rises with the number of apps in use.

The financial hit is substantial. The average daily cost of SaaS downtime is $405,770, and recovery takes about five working days. That puts a typical incident near $2.3 million before you add the harder-to-measure losses like customer trust and reputational damage.

Why does this keep happening? Visibility and ownership are weak in many companies. Forty-three percent say no one truly owns SaaS data resilience. Forty-four percent struggle to respond to audits and regulatory requests, and 51 percent say protection challenges have increased exposure to cyber threats. When ownership is unclear, problems linger and risk piles up.

Control is also fragmented. IT is not fully in charge of the SaaS stack in most environments. Only 5 percent of organizations report full control of applications, and on average IT controls just 56 percent of them. That leaves large portions of the environment outside standard guardrails.

Protection practices have not kept pace. Eighty-seven percent have at least one SaaS application type at risk, and 66 percent still believe the vendor is responsible for protection. Many programs miss the basics: only 30 percent use policy-driven backups, 26 percent have offsite retention, and 25 percent test recovery. These gaps turn routine mistakes into long outages.

The full report goes deeper into the data, sector breakouts, and the specific applications leaders worry about most. Download the HYCU State of SaaS Resilience Report 2025 to see the complete findings.

About the report. The HYCU State of SaaS Resilience Report 2025 is based on a global survey of 500 IT and business decision-makers conducted in 2025. Respondents include board and C-suite leaders as well as senior and mid-level managers across North America, Europe, and Asia-Pacific. The study examines SaaS adoption, security incidents, protection practices, and the business impact of downtime to show where resilience is falling behind adoption.