Encryption’s Importance to the Private Sector

Current debates on expanding the use of encryption in consumer products may overlook the ways in which it is already embedded and relied on in certain industries. Many private companies, like those in the banking, digital communications, and cloud storage sectors, actually compete on the strength of their consumer privacy protections—including strong encryption. These industries hold sensitive information—like social security numbers and credit card numbers—that may easily be hacked and exposed when companies do not encrypt digital files and transactions. A study published earlier this year by Cisco found that the majority of international cybersecurity professionals across industries see significant or very significant benefits in operational efficiency, data security, and customer loyalty and trust due to increased annual spending on privacy.¹

Investing in better privacy practices also shields companies against the high costs of data and privacy breaches. When customers lose trust in companies from their personal data being exposed, it can lead to a loss of business amounting to $1.42 million per organization on average, or 36 percent of the total cost of a data breach, according to a study released by IBM in 2019.² Encrypting data at rest is a key safeguard against data breaches. One study found that 96 percent of data breaches in 2016 involved data that was not protected with encryption.³ According to the 2019 report from IBM, the average time to contain a data breach in 2019 was 279 days, 73 more days than the span of a breach in 2018.⁴ The longer a data breach, the higher the costs. Breaches lasting fewer than 200 days were on average $1.22 million less costly than breaches with a life cycle of more than 200 days, which could cost $4.56 million on average.⁵

Encrypting data in transit while consumers engage with businesses online is also a key privacy best practice used by cloud storage companies. Cloud storage can introduce great security risks for individuals and organizations, since personal and sensitive information is being stored with a third party—encryption can provide a necessary layer of security. Many cloud storage companies use encryption to protect information, with 81.8 percent of cloud service providers encrypting data in transit between the user and cloud service.⁶ OneDrive, for example, encrypts data in transit, though it does not encrypt data stored in the cloud. On the other hand, iCloud encrypts both data in transit and data at rest.⁷

One example of how companies have improved privacy measures is in the payments industry, with encryption playing a central role in ensuring personal financial data is transmitted safely. During the panel, Keun Kim, senior managing counsel, Digital Payments & Labs, Products and Innovation, at Mastercard, gave the example of companies like his employing magnetic card stripes and CVV numbers for card payments, then evolving to electronic chips embedded in each card. Chips, unlike magnetic stripes, are encrypted, which makes it much harder to read the information stored in the card while also limiting the data stored on any single key at the same time.⁸ An encrypted credit card with an electronic chip is much harder for criminals to read and replicate the information, since information stole from magnetic stripes can simply be placed on a new strip and used to make fraudulent purchases. Encryption is therefore critical in ensuring that personal data is secure during a transaction.

Messaging and digital communications is another area where encryption is becoming the standard, as McInnis offered during the panel. Popular messaging services, like Signal, Telegram, and WhatsApp, use encryption to protect messages. In March of 2019, Facebook announced that it was adopting end-to-end encryption across all its platforms.⁹ The reasons for the change included in Mark Zuckerberg’s announcement reflected not only his and his company’s recognition of a change in public opinion, saying that people want to connect privately, and that the industry as a whole is moving towards encryption.¹⁰

It is likely that companies will continue to innovate around privacy as more of our everyday lives move online. Encryption promises to be a key part of this innovation.