After scanning approximately 6.5 million Google Drive files, Metomic found 40.2% contained sensitive data that could put an organization at risk of a data breach or cybersecurity attack.
According to Metomic’s 2023 Google Scanner Report, documents that had been shared externally often contained confidential information, with 18,000 files flagged as having “highly sensitive” data, like PII
London, England, (Black Hat Europe 2023, Booth 444) – December 6, 2023 – Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, today announced the results of its 2023 Google Scanner Report, offering insights on the amount of sensitive data that is often stored in Google Drives without any protective oversights. After scanning approximately 6.5 million Google Drive files, Metomic found 40.2% contained sensitive data that could put an organization at risk of a data breach or cybersecurity attack.
In addition to identifying potentially vulnerable information, Metomic also discovered that 34.2% of all the files scanned were shared with external contacts (email addresses outside of the company’s domain) and more than 350,000 files (0.5%) had been shared publicly, giving access to anyone who had the document link. Among the files identified as containing sensitive information—including confidential employee contracts and spreadsheets full of passwords—18,000 files were flagged as “Critical Level” data files, meaning the information contained “Highly Sensitive” data or the file permissions were not applied securely.
“Google Workspace has more than 3 billion users. With so many businesses leveraging Google Docs, Google Sheets and Google Slides—and sharing those docs with partners, customers, consultants, vendors and anyone else they do business with—it’s mind-boggling to think of how much sensitive data is accessible to people outside of an organization and how blind most security teams and business leaders are to this,” said Rich Vibert, CEO, Metomic. “Our Google Scanner Report puts a spotlight on the amount of vulnerable data living in Google Drives around the world, underscoring just how critical it is that businesses know what data is being stored, where it is stored, and who has access to it. The best way to prevent a data breach is to protect your business’ vulnerable data so that it does not end up in the wrong hands. Metomic’s Google Scanner Report makes clear how big of a challenge this is for IT and security teams who are struggling to strike a balance between protecting their company’s reputation and ensuring employees have access to effective SaaS tools that drive collaboration and productivity across the business.”
According to IBM’s Data Breach Report, the average cost of a data breach has increased 15% over the last three years, reaching $4.45 million in 2023. More than 50% of organizations report they are increasing their security budgets as a result of a breach, with plans to spend more on incident response planning and testing, employee training, and threat and detection tools.
With data breaches becoming more frequent across industries and geographic locations, it’s imperative that businesses gain full visibility into the data stored in their SaaS ecosystems, including Google Workspace apps. Often, vulnerable data is exposed, not because of malicious intent, but unintentionally by an employee who simply didn’t realize they were making sensitive data public or sharing it with the wrong people.
Metomic DLP tool for Google Drive gives IT and security teams full visibility into their SaaS ecosystem so that they can control what data is accessible to who. Download the full report at: The Risks of Storing Sensitive Data in Google Drive.