A data breach is bad news for any organization. It’s proof your security scheme failed to prevent an unauthorized person from gaining access to sensitive information.
The aftermath of a breach often includes a flurry of bad publicity, which can diminish the company’s value and send customers into the arms of competitors. The damage is costly and difficult to repair. Some businesses take years to recover—or never fully recover.
Having an encryption solution in place is one factor that can minimize the damage caused by a data breach.
No one would ever claim that encryption should be your only means of data protection, or even that encryption guarantees your data will be safe in every conceivable data breach situation. But it is a valuable layer of security that minimizes the harm a breach can cause, as well as the cost of responding to a breach.
Here are two ways encryption protects your organization even if you experience a data breach:
1. Encrypted Data Is of No Use to Hackers
Encryption transforms sensitive data into ciphertext that’s meaningless to hackers, thieves, and anyone else who doesn’t have the key that decrypts the information.
Whether the attacker is motivated to sell customers’ personally identifiable information (PII) on the dark web or to use your data to obtain a political advantage, encrypted data won’t provide the desired result.
Your customers won’t be victims of identity theft, they won’t find unauthorized charges on their credit card statements, and they won’t experience the anger and frustration that often drives people to shop around for a new bank or pharmacy or favorite retail establishment.
Your organization won’t lose customers in droves, nor will it face expensive lawsuits.
2. Most Breach Notification Laws Include a Safe Harbor for Encrypted Data
In the U.S., 47 states have enacted security breach notification laws that require organizations to notify individuals of breaches involving their PII. The specifics of the 47 laws vary, and that’s a major challenge for businesses.
The laws often define PII differently and require notification within different timeframes. Even the definition of what constitutes a data breach can vary. It’s easy to see how difficult (and expensive) it is to follow these breach notification laws—especially if your organization is reeling from the discovery of a breach.
In most of these 47 states, encryption provides a safe harbor that removes the need to notify individuals. The reasoning is that encrypted data is meaningless to thieves, so the individuals won’t experience any harm as a result of the breach.
Encryption saves your organization the cost of the breach notifications and the penalties that could be triggered if notifications are not delivered to the right people within the right timeframes. You’ll also avoid much of the bad press that accompanies a data breach and often damages the value of the organization.
In today’s threat landscape, the question for many organizations isn’t if you’ll get breached but when. The growing threats to data also highlight the need for multiple layers of defense. Encryption is a critical final layer that protects your organization from some of the most devastating consequences of a data breach.