A plurality of file encryption groups are created for a plurality of files based on attributes of each file. An event is detected and a selected file encryption group is divided into a plurality of sub-groups in response to the event. The division is based on an access pattern for each file in the selected file encryption group.