Why are more and more organizations turning to encryption to make sure data is stored in a format that cannot be leaked if a system is compromised?

What will be an ideal response?

Given the threat of leaking sensitive personal information or personally identifiable information (PII), more and more organizations are turning to encryption to make sure the data is stored in a format that cannot be leaked if a system is compromised. Organizations must first determine what data they want to encrypt, then they must make sure they are properly encrypting the data in storage. In some cases, the data is encrypted while resting in a database but not when sent to backup, or the encryption key is included on the backup. In other cases, data is automatically decrypted when requested from a Web server, which could allow an attacker to gain access to the data through an injection attack.