It's not that every byte of data is vital, but that you might not realize what is vital. I used to import wood for a living, well manage the systems for those guys. Our inventory was vital for that company. If a competitor got it, they could potentially mess with our supply chain, or make deals for customers. I wouldn't have thought it mattered, but it did to them once I dug in.

Lots of data, like salaries, etc., isn't vital, but it doesn't necessarily need to be disclosed. As a result you should consider most of your data important and just secure it. It doesn't take a lot more effort, but it doesn't take much less to develop bad habits and have your data insecure.

It's like SQL Injection. Your company's home page might not be a big deal. But if it gets hacked or injected, you can bet it will happen on the day that the President has just pointed someone to it. It won't kill the business, but it could kill your day (or job)