Data leaks are expensive. Not just to your organisation, but to the people who entrust your organisation with their personal information. Only a third of data leaks are identified by dedicated IT security staff, and it takes them around 200 days to notice anything has happened. After that point, these detected and "solved" problems cost an average of USD $4.45 million.
Why wait? Why wait and hope that IT security staff notice the event which has already occurred? Why not prevent the problem in the first place?
If the data is encrypted, the bad guys can't use it. It's that simple. But very few organisations bother encrypting valuable personal and business data. You can, and should, encrypt your data.
Far too many large organisations store passwords on networked computers, in plain text, generally so various pieces of software can function or access other pieces of software. This is bad. As soon as the hacker finds it, the hacker gains the keys to the kingdom, and will use that password to gain further access and do naughty things.
Would you like to encrypt the passwords but still allow service accounts to use those credentials? Easily done. The correct method using some secure code will ensure that the password is never stored as plain text, yet allow your delegated service accounts to use it.
One of the most significant causes of difficulties (including extra work, extra costs, extra time) related to IT systems in large organisations is poorly designed information. If information is poorly designed and managed, every activity related to that information will take longer, cost more, and require more work. This results in, for example, blow-outs in costs and time for most government projects, and a huge number of such projects found to be not fit for purpose.