Industry Report

Zscaler ThreatLabz 2025 Data@Risk Report

Discover the top sources of sensitive data exposure in modern digital environments.

The Big Idea: AI and SaaS Apps Put Data Under Threat

As enterprises embrace cloud ecosystems and AI-powered tools, data loss incidents are escalating at a never-before-seen scale. AI-driven apps like ChatGPT, SaaS platforms are emerging as significant sources of sensitive data leakage, while email and file-sharing services like Google Drive and Dropbox continue to amplify risks.

To protect sensitive data across all digital environments, organizations need to adopt unified, proactive strategies powered by advanced AI and zero trust.

Data loss violations across channels in 2024

3.2M+

violations from GenAI

872M+

violations from SaaS apps

100M+

violations in emails

Sensitive data is slipping through trusted channels

The ThreatLabz team analyzed more than 1.2 billion data loss incidents blocked by the Zscaler platform throughout 2024, with these key takeaways:

  1. Generative AI data risk is climbing. ChatGPT and Microsoft Copilot alone saw almost 3.2 million violations involving Social Security numbers, PHI, and more.
  2. SaaS apps need stronger data loss prevention (DLP). More than 872 million data loss violations occurred across 3,000+ apps, led by major tools like Salesforce and OneDrive.
  3. Email is still a serious data loss leader. Across 100+ million emails containing violations, most involved sensitive data like financial information, source code, and PHI.
  4. Balancing collaboration and security is key. File-sharing apps like Google Drive and OneDrive saw hundreds of billions of violations across 212 million transactions.
     
Full names, payment card data, source code, and more are at risk in data loss violations around the globe. Find out the world’s top data loss hotspots in the full Data@Risk Report.

AI tools are a major new frontier for data loss

Across all AI apps, including many with broad enterprise usage like Claude, Gemini, and Grammarly, we found 4.2 million data loss violations, with ChatGPT and Copilot alone seeing more than three-quarters (3.2 million) of the total violations.

Social Security numbers were leaked to AI apps 1.3 million times, topping the list of data types ahead of other personally identifiable information (PII) and source code.

Top SaaS apps pose critical data security challenges

Just seven major apps, including Webex, Salesforce, and Google Drive, saw nearly half of all SaaS-related data loss incidents (~416 million). Sensitive data like Social Security numbers, credit card data, and medical records were leaked the most.

Compressed GZIP files alone accounted for more than 100 million violations, while platforms like Webex saw 45.4 million cases of unstructured data exposure. Tools like Datadog and Salesforce revealed vulnerabilities through misconfigured workflows, highlighting the need for smarter, more proactive cloud data protection.

Email is a vital tool, but a top data loss vector

Nearly 104 million email transactions included data loss violations across Microsoft Exchange (97 million) and Gmail (6.3 million), exposing sensitive medical data, financial records, and source code.

Source code was leaked in 20 million emails, but those same emails resulted in a massive 3.2 billion violations, underscoring just how critical inline DLP solutions are in stopping data loss.

File-sharing apps magnify data security risks

Popular apps like Google Drive, OneDrive, and Dropbox accounted for 212 million transactions containing data loss violations, leaking personal identifiers, medical records, source code, and financial data. Top leaked file types include Excel and Word documents, PDFs, and ZIP files.

This balance between productivity and security highlights an urgent need for robust protections to prevent regulatory compliance risks and data breaches.

It’s time to rethink your enterprise’s data security strategy

With detailed analysis of emerging risks, their drivers, and strategies to protect sensitive information, this report offers essential guidance for today’s AI-driven landscape.

Download the full Zscaler ThreatLabz 2025 Data@Risk Report for deeper insights, actionable recommendations, and a breakdown of key data security trends, including:

  • Top file types and geographies involved in sensitive data exposure incidents
  • Best practices for securing data in AI and SaaS apps without losing out on their productivity benefits
  • Our experts’ top 5 predictions for the future of data risk and security measures
  • How to implement unified data security for all data types, across all channels