What Is Sensitive Data & Why You Need To Protect It

Brian Thomas | April 28, 2017 | tag: Vendor Risk Management

As a security professional navigating the new challenges 2020 is bringing to cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your third parties would expect to be private and protected.

Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.

5 Examples Of Sensitive Data Flowing Through Your Network

1. Customer Information 

Customer information is what many people think of first when they consider sensitive data. This could include customer names, home addresses, payment card information, social security numbers, emails, application attributes, and more.

2. Employee Data

Employee data is, in many ways, similar to customer information. You have your employees’ names, addresses, and social security numbers, and you may also have their banking information (for payment purposes), usernames and/or passwords used for company logins, or data associated with a credentialing process. This is sensitive information, making it critical for organizations to store it safely.

A prime example of sensitive data’s real-world vulnerability is the recent unemployment fraud that occurred across the US, when thousands of fraudulent unemployment claims were filed by hackers with access to citizens’ private information. This caused disruption not only in individuals’ lives but also internally for companies that were penetrated by hackers seeking employee information the companies had left unprotected, leaving them vulnerable to financial and operational losses while they worked to help their employees.


3. Intellectual Property & Trade Secrets

Nearly every company has proprietary information stored in their network, with a third party, or in some kind of document management system. If you develop software, this could be code. If you’re a hardware developer, this could be schematics.

This example of sensitive data could also extend to product specifications, competitive research, or anything that would fall under a non-disclosure agreement with a vendor. Specifically, let’s say company A is developing a phone and company B is helping with a design component. If company B is breached, company A is vulnerable to having sensitive information exposed—which could be catastrophic.

4. Operational & Inventory Information

This example of sensitive data includes any generalized business operations or inventory figures. For businesses that sell physical products, it’s likely they don’t want sales figures disclosed publicly or accessed by their competitors. Sensitive data is not always personal or individual data; it can also be company-wide information that could impact business decisions, reputation, and operations if exposed.

5. Industry-Specific Data

Depending on your industry, there may be specific examples of sensitive information you need to protect. Those in retail have to focus on protecting customers’ payment data, whereas those in the healthcare sector have to focus more on protecting digitally stored medical records and medical research data, to name a few.

It’s important to note that customers aren’t always aware they’ve provided you information, or where that information is living. For example, patients in a hospital provide information to their health care providers, but if that information is housed through a third party, the patient may not know that their personal data is susceptible to risk.

This piece was originally published by BitSight in April of 2017, and has been updated as of July of 2020. This updated version includes current information about BitSight, our security rating and third-party monitoring software, and the cybersecurity space.

For more information on how to protect your organization's sensitive data, check out our guide to improving your security program effectiveness.

