Financial impact of SaaS storage breaches now $13.85 million

Elastica analyzed hundreds of millions of enterprise files stored and shared within leading enterprise cloud applications. They identified key trends and insights that reveal cloud app usage, the type of sensitive content enterprises share and store in cloud applications, and associated breach risk levels.

Based on an evaluation of cloud file usage and exposures by industry, Elastica found that the healthcare industry topped the list of verticals with the most policy violations leading to leaks of sensitive PHI (protected health information) data.

This is most likely due to the complex nature of both vendor relationships (doctors, hospitals, clinics, etc.) and customer relationships (patient, employees, contractors, insurance companies, etc.) and the greater economic value associated with black market healthcare records.

The report states that millions of records were found in the analyzed data that represented compliance violations, intellectual property leaks, or other kinds of risks. David Canellos, CEO of Perspecsys, believes that enterprises have increasingly become aware of this issue, and are now taking proactive steps to mitigate the business risks. “For example, organizations we work with are encrypting or tokenizing PII, PHI, and PCI while it is still within their data centers, so what goes to the public cloud for processing and storage is meaningless anonymized data. This approach greatly simplifies cloud compliance and security issues,” Canellos added.


This year, Elastica developed a practical measure for risk – the Elastica Total Economic Impact (ETEI) of cloud data exposures for cloud app providers such as Box, Google Drive and others. Based on calculations and data analysis, on average, the direct financial impact to a company due to exposed data in SaaS can be up to $13.85 million.

Threshold and behavioral data science analysis showed that 1.34 percent of all accounts had signs of malicious activities, driven by both inside and outside threats such as account hijacking, rogue activities or the malicious destruction of data.

25 percent of the hundreds of millions of data files analyzed in company approved apps were broadly shared, and of those files 12.5 percent contained sensitive or compliance related data, meaning they are at the highest risk of being target for a breach. Furthermore, 9 percent of all files were publicly exposed, meaning anyone on the Internet with a link to the shared content could access it.

“The Shadow Data Report is thought-provoking and takes a deeper look into what it takes to securing cloud apps. It’s timely and exact, with a quick overview of key trends and insights into the usage, content, and security of cloud applications. For organizations looking to fully secure their cloud apps, this report is the perfect first step that helps to educate you and prioritize security actions,” according to J.R. Santos, VP, CSA Research & Members Services.