Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data.
Allowing unencrypted EBS Snapshots may aid an adversary in identifying weaknesses in the affected account's use or configuration or data on the server. It's best to configure the default key for EBS encryption for a Region so that the snapshots are automatically encrypted.
If EBS Snapshots are not encrypted, unauthorized users may be able to access the server and use the snapshot to access the data. Also, ensure there are no EBS Snapshots set as Public. We can achieve the same by modifying the permissions of a snapshot, you can share it with the AWS accounts that you specify.
By default, only Snapshots of encrypted volumes are encrypted.
Once the snapshot is encrypted you can not be changed.