“We regret to inform you that a vendor was hacked, exposing our customers’ personal information.” It’s a message that has become all too familiar as data breaches shift from possibility to inevitability.
At SXSW 2025, ACT | The App Association hosted a powerhouse panel to dissect the growing crisis of data breaches and underscore the critical role of encryption in safeguarding our digital lives. Our panel, IMMEDIATE ACTION REQUIRED: Data Breaches and Encryption, highlighted how these breaches disproportionately impact disenfranchised communities, the necessity of encryption as a core piece of digital infrastructure, and what policymakers must do to strike the right balance between security and innovation.
With one in three Americans impacted by data breaches, the stakes have never been higher, especially for vulnerable communities, who often bear the brunt of these security failures. Joe Bonnell, Lucienne Ide, and Qyana Stewart, all representatives of different App Association member companies, joined our very own Graham Dufault to break down the real-world consequences of policies that weaken encryption and explore how businesses, policymakers, and everyday users can take action. Below are some key takeaways from the discussion.
Key Takeaways
- Small businesses are on the frontlines of cyber threats. Hackers often target small businesses because they lack the resources of larger corporations, yet they hold valuable consumer data. Strengthening encryption and cybersecurity practices is critical to protecting them.
- Weak security measures put real people at risk. Data breaches don’t just expose information, they expose individuals to identity theft, financial hardship, and discrimination. The Grindr hack, for example, leaked the HIV status of LGBTQ users, demonstrating the life-altering consequences of compromised data. The panelists discussed the importance of education to better empower members of disenfranchised communities to protect themselves against the most pernicious cyber threats they are most likely to encounter.
- Backdoors don’t just let in the “good guys.” The Salt Typhoon attack proved that once a backdoor exists, it’s only a matter of time before bad actors exploit it. A backdoor, intended for law enforcement, ended up giving a foreign hacker group access to massive amounts of sensitive data. This real-world breach vividly illustrates the dangers of law enforcement access mandates that weaken security for everyone. A requirement for companies to maintain a built-in vulnerability to otherwise end-to-end encrypted data would not just introduce a new, independent attack vector. It would also compound problems arising from other attacks taking advantage of mandatory vulnerabilities, as Salt Typhoon could potentially access not just all encrypted data to traverse networks, but also the encrypted data it acquires.
- Encryption is critical infrastructure. Strong encryption isn’t just a privacy tool, it’s a foundational security measure that protects businesses, consumers, and national security alike.
- Policymakers must balance security and innovation. Regulations should protect encryption while ensuring small businesses can navigate cybersecurity requirements without excessive burdens. Strong encryption just happens to be a generally low-cost, easy-to-use, and highly successful means of thwarting cyber threats, helping democratize cybersecurity protection.
In Conclusion
The SXSW discussion made one thing clear: public and private sectors can’t afford to treat cybersecurity as an afterthought. The fight for strong encryption and smarter cybersecurity policies isn’t just about protecting data, it’s about protecting people. Whether it is small businesses trying to safeguard customer information, vulnerable communities facing targeted attacks, or national security threats on the rise, the cost of inaction is far too high.
Didn’t get to see us live at SXSW? You can tune in to the next episode of our global Tech Swamp podcast for more on these takeaways and to learn what’s next in the fight for stronger cybersecurity protections.