Every employee has access to 17 million files, according to the Data Gets Personal: 2019 Global Data Risk Report from Varonis Data Lab. Varonis Systems, Inc. analyzed 54 billion files -- nearly 10 times the files in the 2018 report -- from Data Risk Assessments performed on 785 companies from more than 30 industries. 

Key findings from the report include:        

  • Out-of-control permissions expose sensitive files and folders to every employee:1.2 million folders, or 22 percent, were accessible to every employee and 53 percent of companies had at least 1,000 sensitive files open to all employees.
  • User passwords that never expire give hackers ample time to brute-force logins: 38 percent of users had passwords that never expire, up from 10 percent last year and 61 percent of companies have over 500 users with passwords that will never expire.
  • Stale sensitive files raise the risk of fines under HIPAA, GDPR and the upcoming CCPA: 87 percent of companies have over 1,000 stale sensitive files and 71 percent of companies have over 5,000 stale sensitive files.
  • “Ghost” users give former employees and contractors unnecessary access to information: 50 percent of user accounts were stale and 40 percent of companies had over 1,000 enabled, but stale, users.
  • Industries and regions vary when it comes to protecting their most sensitive information. Financial services firms found the most exposed, sensitive files overall. Healthcare, pharmaceutical and biotech firms found the most exposed, sensitive files in each terabyte that they analyzed. EMEA organizations averaged the most exposed, sensitive files per terabyte.