Let me assume your question is about the impact on IT users. If you want to think about cryptography as a mechanism to achieve a business / user value, you can see it as a means to extend “trusted environment”.
If you trust computers in your office, you basically assume there’s a trusted domain or zone.
It is important there’s such a trusted zone as cryptography always has one or more endpoints where you can securely use your encryption keys. Breaching this assumption compromises cryptographic keys and invalidates any cryptographic protection. Your trusted zone can be your mobile phone, office PCs, smartcard in your pocket, …
- extends your trusted zone - you encrypt data in your trusted zone and the you can send / store / process it in untrusted environment. The data is protected by your encryption
- connects two or more trusted zones - you encrypt/decrypt data in one or more of the trusted zones and when the data is between these trusted zones, it’s again protected by encryption.
The protection you get from cryptography can be confidentiality (data is visible only in trusted zone(s) ), integrity (any change of data outside trusted zones can be always detected), authenticity (data that was outside trusted zone can always be linked back to its source), etc