Properly implemented zero trust security could head off nearly a third of cyber attacks globally, saving up to $465 billion in financial losses every year.
An analysis of hundreds of thousands of cyber incidents by cloud security firm Zscaler found that the overall figure was higher in Europe, where 41% of events were assessed as being potentially preventable through zero trust architecture, compared with just 31% in North America.
It's companies with over US $1 billion in revenue that have the most to gain from deploying zero trust. In 2023, the researchers said, zero trust could have averted as many as six in ten of all incidents involving companies with revenue over $100 billion.
The industries with the most to gain, meanwhile, were construction, wholesale trade, information, and manufacturing. Finance and insurance, mining oil and gas, and utilities were assessed as likely to see the smallest benefit from zero trust, although even here, it could have averted at least one in five incidents.
"This report underscores the importance of recognizing zero trust as a fundamental cybersecurity control that fortifies cyber hygiene," said Stephen Singh, global vice president for M&A/divestiture and cyber risk at Zscaler.
"With the external attack surface identified as a key predictor of potential breaches, adopting zero trust and phasing out outdated, high-risk technologies such as firewalls and VPNs shows a dramatic reduction in risk exposure."
It's the rising tide of ransomware – up 126% over the year – that's making zero trust more vital. And while attacks by some of the larger ransomware gangs are becoming increasingly sophisticated, Zscaler said many of these could have been mitigated by the use of zero trust.
Implementing zero trust can also make for cheaper insurance, with some cyber insurance underwriters taking it into account when calculating business risk.
"We now have independent validation that zero trust offers significant benefits for cyber security practitioners responsible for mitigating business risk - companies that prioritize zero trust investments gain a significant edge as cyber defenders," said Darin Hurd, CISO at Guaranteed Rates.
And, said Tim Riley, SVP of product at cyber insurer Resilience, "Through our ongoing engagement with clients to quantify and mitigate cyber risk, Resilience can affirm that adopting a zero trust architecture strengthens an organization's ability to withstand and recover from cyber incidents."
Organizations do seem to be catching on to the benefits. A recent report from AlgoSec, for example, found that more than half of organizations are now fully or partially implementing zero trust, although one in five said they were still in the learning phase.
And, the researchers found, some were struggling, finding it difficult to translate zero trust principles into actionable policies, especially when it came to complex multi-cloud and hybrid environments.
But, said Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Intelligence Center, and leader of the Zscaler study, "The large cost associated with the lack of zero trust reveals its true value to companies and the cyber world."
-
DocuSign doubles down on IAM with partner program evolutionThe company's latest channel initiative introduces new specializations, tailored tracks, and go-to-market support for partners
-
HP Chromebook Plus 15a reviewReviews Very little about this Chromebook is anything more than adequate, but it's an effective productivity device with a bargain basement price tag
-
Microsoft ramps up zero trust capabilities amid agentic AI pushNews The move from Microsoft looks to bolster agent security and prevent misuse
-
Zero trust gains momentum amid growing network visibility challengesNews Organizations are looking to automation, orchestration, and risk mitigation as key security priorities
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to success
News Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
-
Cognizant and Zscaler expand partnership to launch new AI-powered zero trust security toolsNews The pair’s expanded partnership aims to help customers simplify their security setups while tackling evolving cyber threats
-
The evolution of SASE and its importance in zero trustSupported Content SASE has been an increasingly important security framework for five years – but integrating zero trust is crucial to its success
-
Why siloed thinking could be undermining your zero trust strategy
Advertisement Feature Despite the majority of businesses now moving towards a zero trust strategy, a siloed view of security means many are unable to fully embrace everything the technology has to offer
-
The state of zero trust transformation, 2023whitepaper From prevention to enablement: Leveraging the full potential of zero trust for the highly mobile and cloud-centric enterprise
-
A brief history of zero trustwhitepaper The cybersecurity game changer, from concept to cornerstone
