Zero Trust Security Reduces Cyber Insurance Claims, Preventing up to $465 Billion Annually in Global Economic Loss from Cyber Attacks

• Nearly a third of the cyber events encompassed by the study potentially could have been prevented if zero trust was deployed, assuming proper cyber security hygiene was also applied
• Companies can limit the risk of a damaging cyber incident by deploying zero trust, potentially reducing insured cyber loss by up to 31% annually

Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published a special report, examining the number of cyber incident insurance claims that potentially could have been avoided if the victim organization had deployed a zero trust architecture. Using the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset from the past eight-years, which collates cyber incidents from past claims, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero trust security. This adds up to a projected reduction of up to $465 billion in global annual total economic losses.

The analysis showed that North America experienced significantly more cyber incidents than the rest of the world during the past eight-year period, experiencing almost four times the amount of European cyber incidents. However, of the total incidents encompassed by the study, the percentage of attacks that potentially could have been mitigated by zero trust was greater internationally, with 41% of European events assessed as potentially preventable through zero trust architecture compared to 31% of events in North America.

Scott Stransky, Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center, said: “Being able to quantify the cost associated with the lack of zero trust implementation has not been previously investigated. The figure demonstrates the value and benefit of such controls, and highlights the potential benefits of greater cyber hygiene across industries.”

The report highlighted that the rise in ransomware incidents, which increased 126% in a single  year, has elevated the proportion of events that zero trust could have mitigated globally. From a size perspective, companies with over $1 billion in annual revenue stood to benefit the most from zero trust implementation, with 60% of attacks being deemed mitigable.

Stephen Singh, Global Vice President, M&A/Divestiture and Cyber Risk,  Zscaler, said: “This report underscores the importance of recognizing Zero Trust as a fundamental cybersecurity control that fortifies cyber hygiene.  With the external attack surface identified as a key predictor of potential breaches, adopting Zero Trust and phasing out outdated, high-risk technologies such as firewalls and VPNs, shows a dramatic reduction in risk exposure.” 

Zero trust significantly increases the security of enterprise IT infrastructure and limits the ability for attackers to cause widespread and costly damage, by requiring continuous verification of every user, application, and device accessing an enterprise.

Darin Hurd, CISO at Guaranteed Rate, commented: "We now have independent validation that zero trust offers significant benefits for cyber security practitioners responsible for mitigating business risk -  companies that prioritize zero trust investments gain a significant edge as cyber defenders.”

Some Zscaler customers are already receiving more favorable policies when partnering with cyber insurance underwriters, using Zscaler to accurately quantify business risk. Risk360, a part of the Zscaler Zero Trust Exchange^TM security platform, is a powerful cyber risk quantification service that streamlines cyber insurance applications and renewals. 

Built on Zscaler's powerful Data Fabric for Security, Risk 360 provides organizations with a comprehensive and accurate cyber risk profile. With more than 50 million devices using Zscaler agents to collect and share telemetry, the platform provides in-depth visibility across an IT estate, enabling customers to share their zero trust adoption during the underwriting process.

Download the full version of the special report now to dive further into the data.