Nearly half of all security leaders optimistic they won’t be breached

PJ Kirner, Co-founder and Chief Technology Officer at Illumio

Illumio, Inc., the Zero Trust Segmentation firm, released The Zero Trust Impact Report, the first on perspectives of Zero Trust strategies and the business impact of Segmentation tech.

Conducted by The Enterprise Strategy Group (ESG), which surveyed 1,000 IT and security professionals in eight countries, the report discovered that 47% of security leaders do not believe they will be breached despite sophisticated and frequent attacks, broad adoption of Zero Trust tech, and the proven business and security impact of Zero Trust Segmentation, which isolates machines across the hybrid attack surface to stop breaches from spreading.

What were the key findings of Illumio’s study?

These were the key findings of The Zero Trust Impact Report:

Severity and Frequency of Attacks Are Still Rising

In the past two years, over three-quarters of firms surveyed (76%) have been attacked by ransomware and two-thirds (66%) have experienced at least one software supply chain attack. More than half (52%) believe cyberattacks will result in catastrophic breaches.

Zero Trust is Now the Standard

90% state that advancing Zero Trust strategies is one of their top three security priorities so as to improve cyber resiliency and reduce the rising threat of attacks turning into disasters.

Segmentation is a Critical Pillar of Every Zero Trust Strategy

75% of segmentation pioneers, those classified as advanced users, believe purpose-built segmentation tools are vital to Zero Trust and 81% say segmentation is vital to Zero Trust.

Zero Trust Segmentation Has a Quantifiable Business Impact

Firms that have adopted Zero Trust Segmentation as part of their Zero Trust strategy save an average of $20.1m in application downtime, avert 5 cyber disasters per year, and plan to accelerate 14 more digital and cloud transformation projects over the next year.

“Catastrophic breaches keep happening despite record cybersecurity spending. Money will not make the problem go away until security leaders move beyond the legacy approach to only focus on detection and perimeter protection,” said PJ Kirner, Illumio co-founder and CTO.

“I’m shocked that nearly half of those surveyed do not think a breach is inevitable, which is the guiding principle for Zero Trust, but I am encouraged by the hard business returns Zero Trust and Segmentation deliver. Zero Trust Segmentation is emerging as a true market category that is transforming business operations and strengthening cyber resiliency.”

What are the weak links to watch out for?

Hyper connectivity created by digital transformation has expanded the attack surface and exposed firms to risks never faced before. While respondents have significant concerns about many attack types, supply chain, zero-day, and ransomware attacks top the list.

  • Respondents say software supply chain attacks (48%), zero-day exploits (46%) and ransomware attacks (44%) are the three threats that keep them up at night.
  • More than one-third of respondents (36%) have been the victims of a successful ransomware attack over the past two years.
  • 82% of respondents who were victims of a successful attack paid a ransom (42% paid directly; 40% paid via cyber insurance) with the average ransom netting $495,000.

Why must firms assume breach and adopt Zero Trust?

A Zero Trust approach, rooted in an assume breach mindset, is the modern strategy to increase cyber resiliency. 52% of security teams believe that their firm is ill-prepared to withstand the cyberattacks to come (22% say a breach would “definitely” result in business disaster; 30% say it “probably” would be a disaster), but Zero Trust adoption is rising fast:

  • Nine in ten (90%) report Zero Trust is one of their top three cybersecurity priorities, and 33% say Zero Trust is their top cybersecurity priority.
  • 39% of all security spending in the next 12 months is earmarked to advance Zero Trust.
  • Segmentation pioneers are nearly twice as likely to be able to stop breaches from spreading than peers who do not fully utilise segmentation (81% vs. 45%).

96% prefer tech with best-of-breed capabilities as opposed to broad platforms. 75% of Segmentation pioneers believe purpose-built segmentation tools are critical to Zero Trust.

Why is Zero Trust Segmentation vital?

Zero Trust Segmentation is a modern approach to stop breaches from spreading across hybrid IT. A vast majority of respondents consider Zero Trust Segmentation essential to any successful Zero Trust initiative (81%), and the report found that Segmentation pioneers:

  • Are 2.7X more likely to have highly effective attack response processes.
  • 2.1X more likely to have avoided an outage during an attack over the last 24 months.
  • Save $20.1M in annual cost of downtime.
  • Are able to free up 39 person-hours per week.
  • Avert 5 cyber disasters annually.
  • Are accelerating digital transformation for competitive advantage with 14 more digital and cloud transformation projects planned over the next 12 months.

For more information, download a copy of report here.