Channel: What is a good analogy to explain to a layman why passwords should be hashed? - Information Security Stack Exchange

Answer by brokethebuildagain for What is a good analogy to explain to a layman why passwords should be hashed?

Using analogies can be powerful, but in this case, I think it would be much easier to just explain in simple language what is going on. Something like this should be effective, but probably should include PowerPoint slides with illustrations and large corporate fonts.

As you know, we require people to use passwords so that we know who they are when they are using our product. We have to keep track of these passwords in order to let people log in. The problem is, we can't store the passwords exactly as they are entered, because attackers have found ways to be able to see them and steal them.

We also can't just rewrite the passwords in a clever code and believe that we will be the only ones who know how to translate the code, because that still doesn't guarantee that determined attackers can't figure out the code, and it also doesn't protect against attacks from inside our organization, such as rogue ex-employees.

To solve this, we must use a one-way password hash. A password hash is like using a code, except that it is impossible to decode.* This way, only the user knows his or her password. We only store the hash of the password and check it when the user logs in. This keeps our users safe and reduces our liability in the case of a data breach, which can have severe repercussions. [Include examples of companies that have been sued for insecure password storage]

* [I know it's not impossible, but probably the layman doesn't need that much detail.]
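To make the distinction in the answer above concrete (a reversible "clever code" versus a one-way hash that is stored and only ever checked, never decoded), here is an added example that is not part of the original answer or of Stack Exchange. It uses Python's standard-library PBKDF2-HMAC-SHA256 with a random per-user salt; the iteration count, the record format `pbkdf2_sha256$iters$salt$hash` and the sample password are assumptions made for illustration, and a production system would more likely use a memory-hard function such as Argon2id.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Illustrative parameters (assumed for this example, not taken from the answer).
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
DERIVED_KEY_BYTES = 32


def encode_reversibly(password: str) -> str:
    """The 'clever code' the answer warns against.

    Anyone who learns the scheme (here plain base64) recovers every password,
    including insiders who can read the database.
    """
    return base64.b64encode(password.encode()).decode()


def decode_reversibly(stored: str) -> str:
    """Undo encode_reversibly: the stored value leaks the password outright."""
    return base64.b64decode(stored).decode()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt$hash'.

    The random per-user salt means two users with the same password get
    different records, so an attacker cannot build one lookup table for all.
    Only this record is stored; the password itself is never written down.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=DERIVED_KEY_BYTES
    )
    return "$".join([
        "pbkdf2_sha256",
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    ])


def verify_password(password: str, record: str) -> bool:
    """Check a login attempt without ever 'decoding' the stored record.

    The candidate password is hashed with the stored salt and parameters and
    compared in constant time against the stored hash. Malformed records are
    rejected rather than raising.
    """
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or iterations <= 0 or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # The reversible scheme hands the password back to anyone with the table.
    print("reversible decode matches:", decode_reversibly(encode_reversibly(pw)) == pw)
    # The hashed scheme stores a record that is checked, never reversed.
    rec = hash_password(pw)
    print("stored record:", rec)
    print("login with correct password:", verify_password(pw, rec))
    print("login with wrong password:", verify_password("wrong", rec))
    print("same password, different record:", hash_password(pw) != rec)
```

The verifier recomputes the hash from the stored salt and compares it with `hmac.compare_digest`; at no point does the server need, or have, a way to turn the record back into the password, which is the property the answer is explaining to the layman.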
