Illumio released The Zero Trust Impact Report, a research on market perspectives of zero trust strategies and the business impact of segmentation technology.
Conducted by The Enterprise Strategy Group (ESG), which surveyed 1,000 IT and security professionals in eight countries, the report discovered that 47 percent of security leaders do not believe they will be breached despite increasingly sophisticated and frequent attacks, broad adoption of zero trust technologies, and the proven business and security impact of zero trust segmentation, which isolates machines across the hybrid attack surface to stop breaches from spreading. Key findings include:
- Severity and frequency of attacks are still rising: In the past two years alone, 76 percent of organizations surveyed have been attacked by ransomware and 66 percent have experienced at least one software supply chain attack. 52 percent believe cyberattacks will result in catastrophic breaches.
- Zero trust is now the standard: 90 percent state that advancing zero trust strategies is one of their top three security priorities this year as a way to improve cyber resiliency and reduce the rising threat of attacks turning into disasters.
- Segmentation is a critical pillar of every zero trust strategy: 75 percent of segmentation pioneers, those who are classified as advanced users, believe purpose-built segmentation tools are critical to zero trust and 81 percent say segmentation is an important technology to zero trust.
- Zero trust segmentation has a quantifiable business impact: Organizations that have adopted zero trust segmentation as part of their zero trust strategy save an average of $20.1 million in application downtime, avert 5 cyber disasters per year, and plan to accelerate 14 more digital and cloud transformation projects over the next year.
“Catastrophic breaches keep happening despite another year of record cybersecurity spending. Money will not make the problem go away until security leaders move beyond the legacy approach to only focus on detection and perimeter protection,” said PJ Kirner, Illumio CTO.
“I’m shocked that nearly half of those surveyed in the Zero Trust Impact Report do not think a breach is inevitable, which is the guiding principle for zero trust, but I am encouraged by the hard business returns zero trust and segmentation deliver. Zero trust segmentation is emerging as a true market category that is transforming business operations and strengthening cyber resiliency.”
Attacks abound in hyperconnected world
Hyperconnectivity created by digital transformation has expanded the attack surface and exposed organizations to risks never faced before. While respondents have significant concerns about many attack types, supply chain, zero-day, and ransomware attacks top the list.
- Respondents say software supply chain attacks (48 percent), zero-day exploits (46 percent) and ransomware attacks (44 percent) are the three threats that keep them up at night.
- 36 percent of respondents have been the victims of a successful ransomware attack over the past two years.
- 82 percent of respondents who were victims of a successful attack paid a ransom (42 percent paid ransom directly; 40 percent paid via cyber insurance) with the average ransom netting $495,000.
Organizations must assume breach and adopt zero trust
A zero trust approach, rooted in an assume breach mindset, is the modern strategy to reduce risk and increase cyber resiliency. 52 percent of security teams believe that their organization is ill-prepared to withstand the cyberattacks to come (22 percent say a breach would “definitely” result in business disaster; 30 percent say it “probably” would be a disaster), but zero trust adoption is rising fast:
- 90 percent report zero trust is one of their top three cybersecurity priorities, and 33 percent say zero trust is their top cybersecurity priority.
- 39 percent of all security spending over the next 12 months is earmarked to advance zero trust initiatives.
- Segmentation pioneers are nearly twice as likely to be able to stop breaches from spreading than peers who do not fully utilize segmentation (81 percent vs. 45 percent).
A whopping 96 percent of buyers prefer technologies with best-of-breed capabilities as opposed to broad platforms. 75 percent of segmentation pioneers believe purpose-built segmentation tools are critical to zero trust.
You cannot achieve zero trust without zero trust segmentation
Zero trust segmentation is a modern approach to stop breaches from spreading across hybrid IT, from the cloud to the data center. Today, a vast majority of respondents consider zero trust segmentation essential to any successful zero trust initiative (81 percent), and the report found that segmentation pioneers:
- Are 2.7X more likely to have highly effective attack response processes.
- Are 2.1X more likely to have avoided a critical outage during an attack over the last 24 months.
- Save $20.1M in annual cost of downtime.
- Are able to free up 39 person-hours per week.
- Avert 5 cyber disasters annually.
- Are accelerating digital transformation for competitive advantage with 14 more digital and cloud transformation projects planned over the next 12 months.