Encryption: The Cost, The Protection, and the ROI (2024)

by Prime Factors

April 27, 2017

It's no longer only the concern of governments and corporations: encryption is both lock and key to cybersecurity across a range of organizations, of all sizes.  In 2016, the Ponemon Institute calculated the average total cost of a data breach to be $4 million. The next two years sees the chances of 10,000 lost or stolen records at the average organization sitting at 26 percent. As more businesses and private users upload and store data in digital cloud environments, encryption is a topic that can't be avoided and a responsibility that shouldn't be ignored.

Decoding Data Encryption
Data encryption is the prime choice of professionals who are serious and informed about cybersecurity. It sees data broken down into a secondary form that only you and whoever possesses the decryption key can access and understand. Encryption doesn't just protect data as it sits around on servers and storage devices, but also in its other two forms: in motion as the data is sent from one source to another, and in use, as the data is entered or accessed. 

Encrypting your data lends a deeper dimension of security and control across all methods of electronic communications, none more so than email. A glance at recent political headlines speaks volumes for the high price paid by unencrypted parties.

So Why Isn't Everyone Doing It?
Some users think encrypting their data will tie up valuable processing time and slow down their operation. Others feel that implementing successful encryption throughout their entire business model would be a logistically impossibility. While implementation and maintenance can often seem daunting and more trouble than it's worth, the reality is that the kind of modern solutions provided by Prime Factors serve to provide a more-than-significant ROI on logistics and expense.

Isn't Anti-Virus/Malware Software Enough?
To put it into perspective: to protect 50 devices over three years, the cost of anti-virus and anti-malware packages sits at an average of $2000. Regardless of your choice of provider, even the leading AV/AM providers will tell you that none of their solutions are 100% effective. A virus can still infect your system or sneak behind a firewall and lay waste to your security. And much like their biological namesake, new viruses evolve and multiply at hazardous levels, and that evolution presents an ongoing threat to your data security.

Initial Outlay vs. Long-Term Cost
There are free encryption options out there, but the maxim “you get what you pay for” is applies when it comes to encryption. Free platforms based on PGP lack the kind of support infrastructure offered by Prime Factors that safeguards your interests with comprehensive and customizable protection. They are also complex to implement and manage, and often wind up with compatibility issues with either corresponding companies to whom you need to send information, or wind up running into conflicts with some of the other cybersecurity solutions that are instituted.

For those who consider a quality encryption solution to be out of their budget or out of the question, there's the more pressing question of time. Do you pay now and suffer less in the long run, or invest in your security later after a breach?

A security breach could prove disastrous for the bottom line. However, the true cost is only measured by understanding the wider consequences of operating an unencrypted model. For an entity entrusted with the sensitive details of clients or patients, a successful cyber-attack also deals a serious blow to their reputation. It leads to a public loss of face that brands a business in all the wrong ways, and it takes a while, if ever, to recover. And companies with a high churn rate of customers often pay several more million dollars per average breach in long-term costs than the $4 million average.

The Ponemon Institute placed the average U.S. cost of fully encrypting data for desktops and laptops at $235. The numbers for cash saved from reduced data breach exposure? $4,650. If a breached device contains particularly sensitive data but is successfully encrypted against an attack, the savings can be as high as $20,000 ... and that's per device.

Encryption Requires A Key: What If I Lose It?
The sheer volume of data being stored by some companies means its unfeasible to encrypt it all under a single key. When a decryption key isn't stored in a system, it takes the form of an HSM (Hardware Security Module). These are portable devices that carry the decryption key.  

Are You up To Industry Encryption Standards?
Beyond the common sense of protecting your own interests, there are rules governing the handling of sensitive data. Even a business currently making use of what it feels are sufficient security methods may be falling short of what's actually needed. For example, the requirements for data security in the credit card industry are set by the Payment Card Industry Data Security Standard (PCI DSS, or just PCI). These guidelines offer critical guidance for any business dealing in sensitive data.

PCI compliance requires that enterprises meet 12 major data guidelines, half of which involve encryption. To meet modern demands, the data security experts at Prime Factors offer EncryptRIGHT, a comprehensive package which helps you comply with all six of these regulations. Check out the EncryptRIGHT PCI Compliance Checklist to see exactly how we help address compliance with comprehensive data encryption and management tools, software and services.

If you would like to learn more about encryption, other data security standards, and how to keep your organization safe in today’s environment, don’t hesitate to reach out to the Prime Factors team today at 888-963-6358 or through our request info form for a free consultation.