"It can be stored in all kinds of nooks and crannies that people don't ordinarily think about," he said.
Vernick said that, in his experience, retail companies generally have a better grasp on the issue because they're used to dealing with compliance requirements, and healthcare-related companies are catching up.
But, as the recent Sony breach showed, all types of companies are vulnerable, he said. "It's really an issue that applies to everyone."
Sign up for CIO Asia eNewsletters.