A new report reveals 40% of Google Drive files contain sensitive information which could put organizations at risk of a data breach.

Metomic announced the results of its 2023 Google Scanner Report, offering insights on the amount of sensitive data that is often stored in Google Drives without any protective oversights. After scanning approximately 6.5 million Google Drive files, it was found that 40.2% contained sensitive data that could put an organization at risk of a data breach or cybersecurity attack.

In addition to identifying potentially vulnerable information, it was also discovered that 34.2% of all the files scanned were shared with external contacts (email addresses outside of the company’s domain) and more than 350,000 files (0.5%) had been shared publicly, giving access to anyone who had the document link. Among the files identified as containing sensitive information — including confidential employee contracts and spreadsheets full of passwords — 18,000 files were flagged as “Critical Level” data files, meaning the information contained “Highly Sensitive” data or the file permissions were not applied securely.  

According to IBM’s Data Breach Report, the average cost of a data breach has increased 15% over the last three years, reaching $4.45 million in 2023. More than 50% of organizations report they are increasing their security budgets as a result of a breach, with plans to spend more on incident response planning and testing, employee training and threat and detection tools.