Cloud app security firm Elastica’s Q2 2015 Shadow Data Report notes an almost 300% increase from last year in the average number of files shared per user. Enterprise users share roughly 25% of files owned, a big jump from the average rate of sharing in Q4 2014, which was 9%. In addition, 12.5% of files shared contain compliance-related data; this is a potential cybersecurity headache for organizations, since that means over 3% of files per user are at risk of sensitive data exposure.

In its enterprise cloud app analysis, Elastica also found that the healthcare industry has the highest number of data breaches when compared to other verticals; the economic impact for SaaS storage providers for data breaches averages $13.85 million; and just over 1% of all accounts show signs of malicious activity.

The Shadow Data Report uncovers insights and looks into the main trends regarding the usage, content, and security issues of enterprise Software-as-a-Service (SaaS) applications. To build up the data for the Q2 2015 report, Elastica analyzed millions of records via its CloudSOC platform; the data records were anonymized and aggregated for the study.

The report’s authors define shadow data as all of the “potentially risky data exposures lurking in sanctioned cloud apps, due to lack of knowledge of the type of data being uploaded, and how it is being shared.” Based in San Jose, Calif., Elastica provides cloud application security services that rely on data science algorithms.

It is not enough, according to Elastica, to understand shadow IT — evaluating cloud apps on an enterprise scale requires the use of data science methods that analyze files and cloud transactions, in order to classify data and identify threats to security and compliance. A set of sophisticated analysis tools is probably called for, since they found the average number of cloud apps in an enterprise was an eye-popping 774.

Elastica observed through its CloudSOC platform that enterprise users broadly share (inside and outside their organizations) 25% of their files; 12.5% of those files contain sensitive, compliance-related data. On average those sensitive files consist of personally identifiable information (54%), healthcare records (31%), and payment information (15%).

That 25% represents a big jump. Elastica noted that from Q4 2014 to Q2 2015 the proportion of broadly shared documents per user went up from 9% to 25%. One reason for the increase is the larger number of enterprises deploying cloud app services like Microsoft Office 365. Another reason is a higher number of document shares across the board.

Broadly shared files, according to the report, have the following areas of data exposure:

  • 74% internal. An example of a sensitive file inadvertently shared within an organization could be a payroll document.
  • 17% external. An example is when files are shared outside the organization, such as with a vendor or a contractor. A risk example is a document being sent to a contractor after termination of the agreement.
  • 9% public. This is the riskiest and potentially costliest form of exposure. The information is open to anyone on the internet with a link to the exposed content, which search engine crawling can easily spread.

The data analysis found that, of all verticals, the healthcare industry had the most number of sensitive data breaches. Elastica cites more sources of data leakage in healthcare compared to other industries: the complexity of vendor relationships with doctors and hospitals, and the dynamic nature of customer relationships involving patients, employees, and insurance companies. The report’s authors note that hacked medical records are fetching 10 times more than stolen credit cards on the black market.

Elastica developed a practical measure of risk for SaaS storage providers and named it the Elastica Total Economic Impact (ETEI). It measures the economic impact to a cloud company such as Box, Google, or Drive recovering from exposure of data and sensitive information in a breach. Elastica calculated that on average the financial impact to a company due to data exposure was $13.85 million.

Their research uncovered that 1.34% of all accounts have signs of malicious activities, due to threats like account hijacking, rogue actions, or the intentional destruction of data. A larger number of suspicious activity, 66%, comes from anomalous user behavior compared to 44% for suspicious threshold risks. The two main examples of suspicious user behavior are too frequent sessions and frequent sharing; these may show that a botnet has taken over the account and is trying to pull out sensitive data.

For more details, download the Elastica Q2 2015 Shadow Data Report.

Note: TechRepublic and ZDNet are CBS Interactive properties.