The starting point for a new study from the Institute for Critical Infrastructure Technology is not new: "There are only two types of networks, those that have been compromised and those that are compromised without the operator's awareness." Since it is impossible to defend the network, the solution is surely to defend the data. Here encryption can offer something more like a guarantee of security.
The study (PDF) is primarily directed at government networks, where it suggests "federal government breaches have eroded the public's confidence in the federal entities' ability to secure sensitive systems and data against adversarial compromise."
But just as it is self-evident that networks are regularly breached, so it is self-evident that encryption is not always used. An example presented by the study, which demonstrates both the absence of encryption and the misguided argument for not using it, can be found in the massive OPM breach of 2015. Here a series of breaches led to the theft of 4.2 million personal records and 21.5 million SF-86 forms -- the effect of which may be felt for many years to come.
OPM did not use best security practices. Most shockingly, the stolen data had not been encrypted. According to former OPM Chief Information Officer Donna Seymour, "Some legacy systems may not be capable of being encrypted." It is this supposition and attitude that the report's author, James Scott, says is not correct.