Lack of skills and budget slow zero-trust implementation
The risk of a cyber breach is the number one global driver for zero trust strategy implementation, according to Entrust.
The 2024 State of Zero Trust & Encryption Study surveyed over 4,000 IT security practitioners worldwide.
The survey shows that people are now more motivated to invest in security to prevent data breaches rather than to follow regulations. While compliance was the main reason for security investments in the past, 41% of respondents now prioritize security investments to reduce the risks of data breaches or other security incidents. This marks a significant change in attitudes toward why organizations invest in security.
“With the rise of costly breaches and AI-generated deepfakes, synthetic identity fraud, ransomware gangs, and cyber warfare, the threat landscape is intensifying at an alarming rate,” said Samantha Mabey, Director Solutions Marketing at Entrust. “This means that implementing a zero trust security practice is an urgent business imperative – and the security of organizations’ and their customers’ data, networks, and identities depends on it.”
Zero trust strategy implementation challenges
Two-thirds of organizations list cyber-risk concerns as the most important drivers for implementing a zero trust strategy. The pattern is even more pronounced in the US, with 50% of organizations citing cyber breach risk and 29% reporting the expanding attack surface for a combined total of 79%.
Despite 60% of organizations reporting significant senior leadership support for zero trust, a lack of skills and budget are still cited as the biggest roadblocks to implementing these frameworks, highlighting a discrepancy between support and resource allocation.
While 62% of organizations have begun their own zero trust journey, only 48% of US organizations have, raising a concern that Western entities know they have a problem but are unable to adopt zero trust, leaving them vulnerable to cyber threats.
46% of respondents cited hackers exposing sensitive or confidential data as their top security concern, followed by system or process malfunctions and unmanaged certificates. For the first time in the past eight years, organizations did not rank employee mistakes as a top security threat.
50% of respondents identified a shortage of skilled personnel, 47% highlighted the absence of clear ownership, and 46% pointed to inadequate staffing as the primary reasons for the challenges associated with credential management.