Skip to main content
Open menu
Resources & insights

What is unstructured data and why is it a problem?


It’s common for workers to store business data in a range of formats and locations, but this can be a cyber risk without the right IT security controls.

There’s a growing threat of data breaches to UK businesses, with 65% of large firms experiencing a breach in the past year, according to the Cyber Security Breaches Survey 2016. It’s therefore vital for all firms to take steps to protect their data from hackers, accidental loss and theft via strong IT security controls. This is particularly important when considering the adoption of new cloud-based software, like Office 365, which may bring about additional security risks.

The trouble is, it can be difficult for some organisations – such as knowledge businesses like private equity firms – to know exactly what to protect. Their problem is that a lot of customer data, business intelligence and intellectual property tends not to be stored in a single central database, but spread across lots of different documents and devices. For example, mission-critical data of a private equity firm may be stored in a PowerPoint file, and for a law firm it might be within the body of an email.

A serious breach won’t just affect one kind of file or one storage location, either – the recent WannaCry attack that infected businesses worldwide is an example of malware that was able to infect a wide range of file formats and devices, just as long as the devices themselves were running an unpatched and outdated version of Windows.

The uncontrolled spread of information across all of these different formats and locations is called unstructured data and can be problematic to secure for the following reasons:

Document storage

Whilst there is nothing inherently wrong with storing sensitive and regulated data in a Word document or as a PowerPoint presentation, there needs to be security in place to prevent those from being opened or edited by an unauthorised user, or ending up in a location where they might be at risk.

If your cloud capabilities are less than ideal then it is all too common for employees to find their own workarounds, such as using consumer-grade apps like DropBox to store documents – a phenomenon known as shadow IT. Inefficiencies aside, this poses a real security risk in that you have no control over these applications or the way they are used. This can be particularly challenging when employees are inclined to save, copy and share their files in an insecure way – using personal cloud storage accounts, their laptop hard drives or USB sticks which can be lost or stolen, for example. (If this sounds familiar, it may be time to invest in a new cloud document management system).


Furthermore, one of the most common ways employees send and share files with one another and their clients is simply attaching them to an email. Whilst this is convenient and quick, it’s all too easy for users to make mistakes like sending documents to the wrong email address – which, within just a few seconds, could compromise business security and confidentiality, and even lead to potential legal issues.

Unless you have a document-level security solution in place or controls to prevent the sending of confidential data via email, this common business tool can therefore be a major source of cyber risk.


The ubiquity of Office applications like Word and Outlook has been beneficial for many knowledge businesses, as it makes them familiar to most employees off the bat – as well as compatible with a wide range of both business-owned and personal devices. This means it’s common for employees to access documents from their smartphones, for example, or take them home to work on remotely (which brings with it a welcome productivity boost).

However, this increases the risk of device loss or theft leading to a data breach, as well as other remote-working threats like the sending of files over unsecured Wi-Fi networks where they can be easily intercepted. As such, security controls are needed to ensure the inclination to work remotely isn’t a source of to cyber risk – whether that means introducing remote device-wipe functionality or more document-level security controls like encryption.

Find out how your business can protect itself against these cyber security risks by requesting a free IT audit below.

Related posts


Office 365 vs Exchange Server for email: what’s the difference?

Read more


ChatGPT vs Microsoft Copilot vs Copilot for M365: What Sets Them Apart?  

Read more


A data security breach is only a matter of time

Read more

We’re here to help

If you want to achieve better outcomes for your business through a more intelligent use of technology, talk to us.

Contact us