80+ SaaS management, offboarding, and Shadow IT statistics for IT teams (2025)

With an ever-growing number of SaaS and AI apps entering the workplace, IT teams are juggling more tools, identities, and access points than ever before. At the same time, employees are increasingly adopting apps outside official channels, creating risks and blind spots.

Understanding the state of SaaS adoption, shadow IT, and identity management can help IT teams stay ahead of the curve. Below, we’ll go over key SaaS management and shadow IT statistics covering SaaS spending, AI adoption, identity complexity, shadow IT trends, offboarding risks, and security breaches.

Sourced from Gartner, McKinsey, Verizon, IBM, Menlo Ventures, and more, these stats provide a snapshot of the challenges IT teams face in 2025—and highlight where proactive management can make the biggest impact.

TL;DR

• Worldwide SaaS spending is projected to reach $295 billion in 2025, signaling continuous growth in the number of apps IT teams must secure and manage.
• 75% of organizations manage two or more identity providers, highlighting the growing complexity of user and machine identity management.
• 72% of employees created GenAI accounts with personal emails, showing that unsanctioned tools are already widespread.
• More than a third of former employees still had access to company email and work files on personal devices, underlining the risks of inconsistent offboarding.
• 46% of compromised systems with corporate logins were unmanaged devices, emphasizing that credentials, not “hacking,” are the most common breach entry point.

SaaS sprawl statistics for IT teams

Worldwide SaaS spending is projected to reach $295 billion in 2025 (Public Cloud Services, Worldwide, 2022-2028, 1Q24 Update, Gartner). That’s not just incremental growth—it’s a signal that cloud software continues to dominate how organizations run their business.

💡For IT teams, this means the number of apps to evaluate, secure, and manage will only keep rising.

Source: Gartner

Even in tighter economic climates, SaaS isn’t on the chopping block. 86% of enterprise buyers plan to either increase or maintain their SaaS budgets (2023 SaaS Buyers Outlook, Sapphire Ventures). Within that group:

• 41% expect to grow their SaaS spending,
• 45% plan to keep budgets steady.

Layered on top of this growth is the surge of interest in AI tools. 71% of organizations say they are “100% certain” or “extremely likely” to invest in AI-powered software (2024 Global Software Buying Trends Report, Gartner).

💡For IT leaders, that doesn’t just mean new opportunities. It also means a new wave of apps entering the stack—often fast-moving, user-driven, and outside traditional procurement channels.

The state of AI in the workspace

AI is no longer experimental—it’s entering workflows across industries. According to the 2025 State of AI report by McKinsey:

• 78% of organizations now use AI in at least one business function, up from 55% just a year ago
• 71% report using generative AI specifically, a steep rise from 65% earlier in 2024
• IT is seeing the sharpest growth: usage jumped from 27% to 36% in just six months

Much of this momentum is fueled by budgets: 60% of enterprise genAI investments come from innovation budgets, but 40% are already being redirected from permanent allocations (2024 The State of Generative AI in the Enterprise, Menlo Ventures).

📚Also read: How to optimize SaaS licenses in an AI-first world

How employees actually use AI

Despite all the hype, AI in daily work is still uneven:

• Only 15% of employees accessed GenAI tools on corporate devices at least once every two weeks. (Verizon DBIR, 2025)
• Among use cases, code copilots lead with 51% adoption, making developers early power users. Meeting summarization tools (24% adoption) are also gaining ground. (2024 The State of Generative AI in the Enterprise, Menlo Ventures)
• 68% of managers actively recommend AI tools to help teams solve challenges. (2025 Superagency in the Workplace Report, McKinsey)

The most common GenAI use cases

One of the most striking dynamics is the mismatch between what leaders think is happening and what employees say is happening:

• C-suite leaders estimate only 4% of employees use genAI for more than 30% of their daily work—but employees self-report that it’s actually three times higher (2025 Superagency in the Workplace Report, McKinsey).
• Similarly, 20% of leaders expect this level of adoption in the next year, while 47% of employees believe they’ll get there (2025 Superagency in the Workplace Report, McKinsey).

💡This gap matters: it can leave IT teams caught between leadership assumptions and the realities of tool usage happening on the ground.

Identity management statistics for IT teams

Identity sprawl is now a reality most IT teams live with. 75% of organizations manage two or more identity providers, and 11% juggle five or more (The State of Multi-Cloud Identity Survey, 2024).

IDP sprawl in 2025

Even as identity sits at the heart of security, resilience isn’t guaranteed.

• Only 38% of organizations have fully implemented measures to ensure the continuous availability of identity services.
• 6% admit they have nothing in place at all

Meanwhile, 53% of organizations say improving identity analytics and visibility is a top priority in 2025—highlighting a recognition that blind spots remain.

💡For IT, that means more integrations to maintain, more risk of misconfigurations, and more complexity for end users.

Despite years of investment, many IT teams still don’t feel confident in their identity tools. Only half of organizations say their IAM systems are effective (The State of Identity and Access Management (IAM) Maturity, 2025, Guidepoint Security).

Part of the problem is competing priorities:

• Nearly 45% of organizations focus IAM spending on making logins smoother for users,
• While fewer invest primarily to meet compliance demands (34%) or manage workforce turnover (31%).

💡That constant trade-off—security vs. convenience—often leaves IT stuck in the middle, with tools that don’t fully satisfy either side.

The rise of machine identities

Traditionally, IT and IAM (Identity & Access Management) focused on people — employees, contractors, vendors. But today, apps, services, bots, and automations all need their own credentials to function.

Think about it:

• A service account that lets your HR system sync data into Slack.
• A bot that automatically generates reports and posts them into Teams.
• An API key powering a custom integration between Salesforce and a billing system.

According to Guidepoint Security, these machine identities now make up a massive share of all access relationships in the enterprise. And yet, management is lagging:

• 39% of organizations are starting to use IAM platforms for non-human accounts, but most handle them in an ad hoc way
• Only 28% have governance and processes fully integrated into their IAM platforms

❗This is a quiet risk multiplier. Unlike people, bots and services don’t raise a flag when something looks wrong. An overlooked account can sit vulnerable for months—until it becomes an attacker’s easiest way in.

Shadow IT statistics for IT teams

Shadow IT isn’t new—but AI has given it fresh momentum.

• 72% of employees created GenAI accounts with personal emails, and another 17% used work emails without corporate authentication (Verizon DBIR, 2025).
• While only 40% of companies say they’ve purchased an official LLM subscription, employees in 90%+ of companies report using personal AI tools for work. Many say they use them multiple times a day, even as official AI initiatives remain stuck in pilots (MIT NANDA Report, 2025).

Employees using Shadow AI vs. what employers think

💡The message is clear: employees aren’t waiting for sanctioned tools. They’re adopting what helps them get work done—policy or no policy.

Governance gaps are leaving IT exposed

Adoption is running ahead of policy in many organizations:

• 63% admit they lack AI governance policies to manage or prevent shadow AI (Cost of a Data Breach Report 2025, IBM).
• 96% are now building or enforcing governance structures, but 82% remain worried about data leakage (ESG + Harmonic).
• Only 27% of companies say all genAI outputs are reviewed before use, while others review only a fraction—in some cases, 20% or less (2025 Superagency in the Workplace Report, McKinsey).
• Governance is fragmented: 28% of companies assign AI oversight to the CEO, 17% to the board, but on average, two leaders share responsibility (2025 Superagency in the Workplace Report, McKinsey).

💡This uneven governance landscape means IT often ends up as the default safety net, tasked with balancing innovation and risk.

📚Also read: Shadow IT Risks: How Disconnected Apps Create Compliance Nightmares

The real costs of shadow AI

The risks aren’t hypothetical. Among organizations with high levels of shadow AI. According to IBM’s 2025 Cost of a Data Breach Report:

• 20% experienced a breach tied to unsanctioned AI use
• Those breaches added an average of $670,000 to incident costs
• With 65% involving personal data and 40% exposing intellectual property

💡The impact is so widespread that shadow AI has displaced “security skills shortages” as one of the top three most costly breach factors.

Shadow IT hits SMBs especially hard

Shadow IT isn’t just an enterprise problem. According to Capterra’s 2023 Shadow IT and Project Management Survey:

• 57% of SMBs reported major shadow IT projects launched outside IT oversight
• 89% say they’ve faced financial consequences—fines, wasted spend, or rebuilding unsupported tools
• 91% struggle to integrate shadow IT projects back into official systems, citing time, cost, and technical incompatibility
• 94% agree IT project managers will be critical in preventing future shadow IT, alongside better education, updated policies, and stronger collaboration

Types of shadow IT

💡These stats reveal an underlying pattern: shadow IT isn’t just about rogue apps anymore. It’s about frustrated employees finding workarounds, AI tools spreading faster than governance, and IT teams left to pick up the pieces.

Employee offboarding statistics for IT teams

Employee offboarding is supposed to be a straightforward process: revoke access, secure devices, and ensure a clean handoff. But according to Beyond Identity’s 2022 survey, the reality looks very different—and far riskier.

In fact, the survey found that offboarding is frequently left outside IT’s control:

• In more than 1 in 10 cases, a co-worker handled the offboarding process
• Just 9% of former employees remember an IT specialist being involved in their exit

Loose processes mean employees often walk away with more than memories:

What employees retain access to post-offboarding

• Over a third still had access to company email and work files on personal devices.
• Many deliberately kept sensitive information, such as:
  • 31%: co-worker contact information
  • 30%: private conversations
  • 27%: company ideas or intellectual property
• 70% of fired employees also admitted to intentionally causing harm

Nearly 75% of leaders said their organizations had been harmed by a former employee, showing this isn’t a rare edge case. And they further report that these attacks had real consequences:

• 39% said financial data was accessed
• 37% said work email was compromised
• 33% reported website hacks, stolen files, or unauthorized software access

Even co-workers weren’t immune, with around 30%of leaders saying ex-employees accessed colleagues’ emails.

📚Also read: The Hidden Risks of Inactive User Accounts and How to Mitigate Them

Offboarding perception vs. reality

The report also uncovered a disconnect between leaders and employees:

• 40% of employees said they wiped company devices, compared to 53% of managers who believed they did.
• Regional differences highlight just how uneven security can be:
  • In Ireland, 23% of employees said their company had no corporate security at all.
  • In the U.S., security was rated highest, but only 14% of employees described it as “extremely secure.”

💡The Beyond Identity report makes one thing clear: employee offboarding is one of IT’s weakest links. Without consistent processes, proper IAM controls, and IT-led oversight, organizations risk leaving the door open—sometimes literally—to data theft, account abuse, and costly insider threats.

Risk and compliance statistics for IT teams

Risk and compliance pressures for IT teams have never been broader. On one hand, AI adoption is introducing new attack vectors. On the other hand, breaches, third-party risk, and credential misuse continue to multiply. The result is an attack surface that’s harder than ever to govern.

AI-related security incidents stand out as a growing concern. In fact, 97% of organizations that suffered an AI-related incident lacked proper AI access controls (Cost of a Data Breach Report 2025, IBM).

‼️Compliance structures don’t always help either. Only 18% of organizations place compliance within IT, security, or privacy functions (2023 State of Risk and Compliance Report, Navex). This disconnect often leaves IT responsible for managing risk without having the authority to align policies to practice.

Meanwhile, breaches remain widespread:

• 30% of organizations reported a cybersecurity or data privacy incident (2023 State of Risk and Compliance Report, Navex).
• The human element factored into about 60% of breaches (Verizon DBIR, 2025).
• 89% of organizations say vendor or supplier risk is important (2023 State of Risk and Compliance Report, Navex).
  • Especially as third-party involvement in breaches has doubled, rising from 15% to 30% year over year (Verizon DBIR, 2025).

📚Also read: The Complete SaaS Governance Framework to Eliminate Disconnected App Chaos

Compromised credentials: The common breach entry point

Unmanaged devices, infostealers, and leaked secrets all create pathways attackers can exploit, often long before IT knows there’s a problem. According to Verizon’s 2025 Data Breach Investigations Report:

• 46% of compromised systems with corporate logins were unmanaged devices, often mixing personal and business credentials.
• 54% of ransomware victims had their domains appear in credential dumps.
• 40% of ransomware victims had corporate emails exposed.
• 39% of disclosed secrets came from web application infrastructure.
  • Of these, 66% were JSON Web Tokens (JWTs).
• 43% of exposed cloud infrastructure secrets were Google Cloud API keys.

Common breach entry points

💡The Verizon DBIR data makes one thing clear: attackers aren’t “hacking in” as much as they’re “logging in.” Credentials—whether user logins, tokens, or API keys—are now the most common breach entry point.

Automate SaaS management with Stitchflow

The stats are clear: SaaS sprawl, AI adoption, identity complexity, shadow IT, and offboarding gaps are all adding layers of risk for IT teams. But these numbers aren’t just scary—they’re actionable.

Understanding how employees use tools, where accounts go unmanaged, and which processes break down gives IT leaders a roadmap to tighten security and improve efficiency. And automation makes that roadmap easier to follow.

If you’re looking to simplify SaaS management and keep better control over user access, Stitchflow can help. It allows IT teams to manage all apps in one place, automate onboarding and offboarding, enforce policies, and maintain visibility across both human and machine accounts.

That means fewer orphaned accounts, fewer policy gaps, and more time to focus on strategy instead of fire drills.

Book a free pilot today to see how Stitchflow can streamline your SaaS management and give your IT team the visibility and control it needs—without slowing down the business.