HIGH
Source
CloudSploit
ID
csek-encryption-enabled

CSEK Encryption Enabled

Ensures Customer Supplied Encryption Key Encryption is enabled on disks

Google encrypts all disks at rest by default. By using CSEK only the users with the key can access the disk. Anyone else, including Google, cannot access the disk data.

CSEK can only be configured when creating a disk. Delete the disk and redeploy with CSEK.