As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose

Phil Muncaster

05 Sep 2025
 • 
,
5 min. read

Under lock and key: Safeguarding business data with encryption

A single security breach can jeopardize everything you’ve built. The theft of intellectual property and confidential customer data can result in a cascade of consequences, from hefty financial losses and a shattered brand reputation to ultimately the threat of putting the entire future of your company at risk.

According to IBM’s Cost of a Data Breach Report 2025, the average cost of a data breach stands at nearly $4.5 million. But the figure could reach many times that depending on what type of data is stolen.

Stats like these should make protective measures such as data encryption a no-brainer. In fact, 87% of businesses said last year that they would increase investment in encryption . If your business is not joining them, it might be worth asking why.

Why do you need encryption?

By transforming plain text data into an unreadable format, data encryption serves to protect your organization’s most sensitive information, whether at rest or in transit. There are many reasons for wanting to do so. These include:

  • Remote working: Nearly a quarter of US employees work from home at least some of the time. This creates extra risks around the tools they use to do so, and the data stored and accessed via those tools. Personal laptops and devices may not be as secure as their corporate equivalents.
  • A data explosion: Global businesses are creating more data than ever. It’s expected that 181 zettabytes will be generated in 2025, meaning that there’s more for adversaries to steal and hold to ransom, and more chance of it being accidentally leaked. From customers’ personally identifiable information (PII), to sensitive IP, financial data, and M&A plans, if these become compromised, there are potentially serious repercussions in store. The data explosion is also accelerating thanks to growth in AI and large language models (LLMs), which require huge volumes of potentially sensitive data to train.
  • Device loss/theft: As more employees adapt to a hybrid working environment, there’s a greater risk that the laptops, tablets and other mobile devices they carry with them are lost or stolen. If not protected, the data stored or accessed via these could be compromised.
  • Third-party threats: Threat actors continue to get better at breaching corporate cyber defenses. Last year in the US alone there were over 3,100 individual data compromises, resulting in breach notifications being sent to more than 1.3 billion victims.
  • Underperforming security: It’s getting increasingly easy to bypass traditional defenses at the corporate “perimeter” by simply using stolen, guessed or phished credentials belonging to employees. Credential abuse accounted for initial access in a fifth (22%) of data breaches last year, with phishing at 16%, says Verizon. Infostealers are a growing headache. One report claims that 75% (2.1 billion) of 3.2 billion credentials compromised in 2024 were stolen via infostealer malware.
  • Ransomware: Encryption is also a weapon wielded by attackers, and threat actors are causing growing problems for network defenders with ransomware and data extortion schemes. Ransomware was present in 44% of all data breaches last year, a 37% annual increase, according to Verizon. An encryption solution can’t stop the bad guys from locking you out of your data, but it will render anything they steal useless. As the threat of AI-driven ransomware looms ever larger, the need for a comprehensive data protection strategy has never been greater.
  • Insecure communications: Much of the world communicates via end-to-end encrypted messaging platforms, but most businesses still function on email. Unfortunately, email wasn’t designed with security as a core, built-in feature, and unless it’s end-to-end encrypted it can be a juicy target for eavesdropping and interception. In order to keep sensitive data safe from prying eyes, encryption that scrambles the email content from the sender’s device until it reaches the recipient’s device should be a non-negotiable line of defense.
  • Insider threats: Verizon claims 18% of breaches involved internal actors last year, rising to 29% in EMEA. Although many of these incidents are due to carelessness rather than malice, cases like the Coinbase breach highlight the persistent threat from the latter.

The cost of poor data security

If your corporate data ends up in the wrong hands, it could lead to:

  • Major financial costs (IBM lists detection and escalation activities; notification of regulators, data subjects and third parties; post-breach response; and lost business).
  • Reputational damage. Customer loyalty is hard won and easily lost: 94% of organizations Cisco spoke to claim their customers would not buy from them if they did not properly protect their data.
  • A significant compliance burden: Regulations and standards including DORA, NIS2, GDPR, HIPAA, CCPA, and PCI DSS 4.0 all demand data encryption in some form.

It’s also worth considering the cyber-insurance context of data protection. Carriers either may not insure your business if it doesn’t deploy strong data encryption, or else increase premiums.

What kind of encryption works best?

Encryption scrambles plaintext data using a specialized algorithm and encryption key(s). Be sure to choose products based on proven, robust algorithms like AES-256 that offer a high level of protection. But beyond this, you will need to decide on the solution that best fits your needs. There are products designed specifically for encrypting databases, and cloud environments, for example.

One of the most popular types of data protection is full-disk encryption (FDE). This scrambles data on system disks, partitions and entire drives across laptops, desktops and servers. When evaluating solutions, look out for solutions that offer robust encryption (AES-256), cross-platform support (across Windows and macOS, for example), flexible licensing, centralized control from a single admin portal, and minimal end-user interaction.

Depending on your requirements, you may also be interested in an encryption solution that covers:

  • Files and folders, virtual disks and archives: Useful for sensitive data that need to be shared or stored in unencrypted environments (e.g., if you have a shared devices policy).
  • Removable media: To protect data residing on any USB drives or similar from theft or loss.
  • Email and attachments: Encrypting data in transit will help ensure only the intended recipient will be able to read email content.

It’s possible to get many of these capabilities in encryption solutions with centralized management, like those offered by ESET.

Bringing it all together

Data encryption is a much-needed line of defense that should be one of the essential layers of any fit-for-purpose security strategy. At the same time, it’s always important to remember that it works best as one of multiple safeguards and layers of security. Security software across all devices, strong access controls, including multi-factor authentication (MFA), vulnerability and patch management, file server and cloud application protection, and end-user security awareness training will all go a long way toward keeping your business safe.

In a world of continuously evolving threats, consider proactive defense that comes with advanced EDR/extended detection response (XDR) and offers critical detection capabilities across endpoint, email, cloud and other layers, plus response and threat hunting in real time. For companies that are short on resources, managed detection and response (MDR) services can do the heavy lifting, pairing industry-leading prevention, detection and response capabilities with world-class security research and threat intelligence.



Source link