People ask too rarely why the data lost in a breach wasn't encrypted.  The answer, in the past at least, has been that someone needed to do work on that data (analytics, ETL, etc.).  However, it has become possible to do this sort of work directly on ciphertext, answering questions about encrypted data without need of decrypting it, and this permits keeping sensitive data encrypted at all times.  This is what we are working on at Capnion!