Illumio has released The Zero Trust Impact Report, which discovered that 47 per cent of security leaders do not believe they will be breached despite increasingly sophisticated and frequent attacks.
The report was conducted by the Enterprise Strategy Group (ESG), which surveyed 1,000 IT and security professionals in eight countries. Its key findings show that the severity and frequency of attacks are still rising. In the past two years alone, more than three-quarters of organisations surveyed (76 per cent) have been attacked by ransomware and two-thirds (66 per cent) have experienced at least one software supply chain attack. More than half (52 per cent) believe cyber attacks will result in catastrophic breaches.
According to PJ Kirner, Illumio co-founder and CTO, catastrophic breaches keep happening despite another year of record cyber security spending.
"Money will not make the problem go away until security leaders move beyond the legacy approach to only focus on detection and perimeter protection.
"I'm shocked that nearly half of those surveyed in the Zero Trust Impact Report do not think a breach is inevitable, which is the guiding principle for zero trust, but I am encouraged by the hard business returns zero trust and segmentation deliver.
"Zero trust segmentation is emerging as a true market category that is transforming business operations and strengthening cyber resiliency," Kirner said.
The study also found that about 75 per cent of segmentation pioneers, those who are classified as advanced users, believe purpose-built segmentation tools are critical to zero trust and 81 per cent say segmentation is an important technology to zero trust.
Organisations that have adopted zero trust segmentation as part of their zero trust strategy save an average of $20.1 million in application downtime, avert five cyber disasters per year, and plan to accelerate 14 more digital and cloud transformation projects over the next year. According to the report, this demonstrates that zero trust segmentation has a quantifiable business impact.
Hyperconnectivity created by digital transformation has expanded the attack surface and exposed organisations to risks never faced before. While respondents have significant concerns about many attack types, supply chain, zero-day, and ransomware attacks top the list.
Respondents also say software supply chain attacks (48 per cent), zero-day exploits (46 per cent) and ransomware attacks (44 per cent) are the three threats that keep them up at night. More than one-third of respondents (36 per cent) have been the victims of a successful ransomware attack over the past two years.
About 82 per cent of respondents who were victims of a successful attack paid a ransom (42 per cent paid the ransom directly; 40 per cent paid via cyber insurance), with the average ransom at $495,000.
According to Illumio, organisations must assume breach and adopt zero trust. A zero trust approach, rooted in an assume-breach mindset, is the modern strategy to reduce risk and increase cyber resiliency. The data reveals about 52 per cent of security teams believe that their organisation is ill-prepared to withstand the cyber attacks to come (22 per cent say a breach would "definitely" result in business disaster; 30 per cent say it "probably" would be a disaster).
Nine in 10 (90 per cent) respondents have reported zero trust is one of their top three cyber security priorities, and 33 per cent say zero trust is their top cyber security priority – a further 39 per cent of all security spending over the next 12 months is earmarked to advance zero trust initiatives.
Segmentation pioneers are nearly twice as likely to be able to stop breaches from spreading as peers who do not fully utilise segmentation (81 per cent v 45 per cent). However, a whopping 96 per cent of buyers prefer technologies with best-of-breed capabilities as opposed to broad platforms. Finally, the report found that 75 per cent of segmentation pioneers believe purpose-built segmentation tools are critical to zero trust.