Zscaler Blog
Zero Trust is Reshaping Cyber Insurance by Reducing Risk
In an era where ransomware attacks continue to show the shortcomings of perimeter-based defenses, Zero Trust has proven itself as a game-changer for cyber insurance outcomes.
A landmark report from Zscaler, leveraging Marsh McLennan’s Cyber Risk Intelligence Center, found that up to 31% of cyber losses could have been prevented with Zero Trust architecture properly deployed alongside solid cyber hygiene. That translates into $465 billion in avoided global economic damage annually, a staggering figure with major implications for both security leaders and insurers.
Where Traditional Security Fails
Traditional security models rely on perimeter security appliances like firewalls and virtual private networks (VPNs), but recent data paints a troubling picture: these very devices are often the initial access vector in ransomware attacks. According to Coalition insurance claims data, organizations using perimeter security products like firewalls and VPNs are up to 12 times more likely to report a claim.
Why? Because perimeter defenses foster a false sense of security, encouraging risky behavior like enabling firewalls, VPNs, remote desktop protocol (RDP) or skipping multi-factor authentication (MFA) under the illusion of “protected borders.” In contrast, Zero Trust assumes breach, verifying every user, device, and application continuously, thereby limiting an attacker’s ability to access and move within a network, even after an initial compromise.
Real-World Impact: The Zscaler Zero Trust Exchange and Cyber Insurance
Organizations that deploy the Zscaler Zero Trust Exchange are not only reducing the risk of breaches and business interruption stemming from ransomware or other attacks, they're also seeing measurable improvements in cyber insurance outcomes.
Take Risk360, Zscaler’s cyber risk quantification engine, which helps customers translate Zero Trust posture into dollar-value risk assessments. With telemetry from 50+ million devices and deep visibility across IT estates, Zscaler equips underwriters with the data needed to streamline cyber insurance applications and renewals.
That’s already happening. Through relationships like Zscaler and Resilience Insurance, organizations can now feed Zero Trust telemetry into insurance renewals. The result?
- Simplified Zero Trust inclusion during policy submissions
- Better assessment of overall risk
- Understanding of Zero Trust controls that address exposure
Beyond the Boardroom: Proving ROI on Security Investments
Cyber insurance isn’t just a financial backstop; it’s becoming a real-time barometer of cybersecurity maturity. And Zero Trust is proving its worth.
Darin Hurd, CISO of US-based mortgage company Guaranteed Rates, puts it plainly: “We now have independent validation that Zero Trust offers significant benefits... Companies that prioritize Zero Trust investments gain a significant edge as cyber defenders.”
IBM’s 2024 Cost of a Breach Report provides further confirmation: organizations with Zero Trust experience 20.5% lower breach costs than those without. The report puts the average cost of a breach in the US at $9.48 million.
Zero Trust: Best Practice and Business-Critical
As the threat landscape evolves, organizations can no longer afford to rely on outdated perimeter defenses. Applying proper cyber hygiene in addition to Zero Trust is a better approach. It’s a risk management imperative for cyber resilience. When properly deployed, Zero Trust reduces the external attack surface, prevents lateral spread, and protects against compromise and data loss, resulting in:
- Enhanced cyber insurability, often resulting in more favorable policies
- Prevention of one third of cyber events
- Breach costs cut by over 20%
- Insured loss reduced by up to 31%
Zscaler’s industry-leading Zero Trust Exchange solution enables clients to identify, mitigate and report on their security posture, while streamlining the cyber insurance submission and renewal process with an automated Zero Trust addendum.
We knew it. Insurers knew it. Attackers knew it. And now, thanks to Zscaler and Marsh McLennan, we have the data to prove it.
Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.



