There was a time when encryption carried a high price – performance or monetary. Not anymore! There is no excuse to not encrypt every transaction, database and file. PCI, HIPAA and other regulations require it, but you should encrypt everything even if you’re not legally or contractually required.
There are however some important considerations:
– Keep your encryption keys in a safe place – a password vault can do the trick.
– Select which encryption cyphers to use, when you can. For example only use TLS 1.2 or higher on your website. For FTPS/SFTP sites, use only NIST-recommended cypher suites.

Speaking of NIST, check out this article:
https://www-techrepublic-com.cdn.ampproject.org/c/s/www.techrepublic.com/article/nist-encryption-algorithms/amp/