Do 40% of Google Drive Files Harbor Sensitive Data, Putting Organizations at Risk?

By Stefania Viscusi  |  December 15, 2023

Metomic, a provider of data security solutions, has exposed a concerning trend in its 2023 Google (News - Alert) Scanner Report. After scanning 6.5 million Google Drive files, the report uncovers a staggering 40.2% of files contain sensitive information, leaving organizations susceptible to data breaches and cybersecurity attacks.

The company also points out that these findings are particularly unsettling against the backdrop of IBM (News - Alert)'s Data Breach Report, which indicates a 15% surge in the average cost of data breaches over the last three years. With costs reaching $4.45 million in 2023.

In response to this, more than 50% of organizations said they are intensifying their security budgets with a specific focus on fortifying incident response planning, bolstering employee training, and deploying advanced threat detection tools.

According to Metomic’s findings, 34.2% of the scanned files were shared with external contacts, i.e., email addresses outside the company's domain. 5% of files (i.e. 350,000+) were shared publicly, exposing them to anyone with the document link.

Critical information including confidential employee contracts and password-laden spreadsheets was found. Also, 18,000 files were flagged as "Critical Level," signifying the presence of highly sensitive data or inadequate file permissions.

Metomic urges businesses to gain comprehensive visibility into their Software as a Service (SaaS (News - Alert)) ecosystems, particularly within Google Workspace apps. Often, data vulnerabilities are unintentionally exposed by employees who may not be aware of the sensitivity of the information or the potential consequences of their actions.

“Google Workspace has more than 3 billion users. With so many businesses leveraging Google Docs, Google Sheets, and Google Slides—and sharing those docs with partners, customers, consultants, vendors, and anyone else they do business with—it’s mind-boggling to think of how much sensitive data is accessible to people outside of an organization and how blind most security teams and business leaders are to this,” said Rich Vibert, CEO, Metomic.

“Our Google Scanner Report puts a spotlight on the amount of vulnerable data living in Google Drives around the world, underscoring just how critical it is that businesses know what data is being stored, where it is stored, and who has access to it. The best way to prevent a data breach is to protect your business’ vulnerable data so that it does not end up in the wrong hands. Metomic’s Google Scanner Report makes clear how big of a challenge this is for IT and security teams who are struggling to strike a balance between protecting their company’s reputation and ensuring employees have access to effective SaaS tools that drive collaboration and productivity across the business.”

Metomic provides full visibility into SaaS ecosystems so organizations have control over data accessibility, ensuring that sensitive information is safeguarded against inadvertent exposure or sharing with unauthorized parties.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]