The Entrust Cybersecurity Institute has unveiled its latest findings on Zero Trust adoption and encryption trends for 2024. The survey, conducted by the Ponemon Institute, underscores that the primary motivation for implementing a Zero Trust strategy is the increasing risk of cyber breaches.
“This means that implementing a Zero Trust security practice is an urgent business imperative – and the security of organizations' and their customers’ data, networks, and identities depends on it,” said Samantha Mabey, Director of Solutions Marketing at Entrust. Mabey’s statement reflects the urgent need for robust security frameworks amidst a growing threat landscape characterized by AI-generated deepfakes, synthetic identity fraud, ransomware gangs, and cyber warfare.
The 2024 State of Zero Trust & Encryption Study surveyed 4,052 IT and IT security professionals across multiple regions, including the U.S., UK, Canada, Germany, Australia, New Zealand, Japan, Singapore, and the Middle East. The findings indicate a pivotal shift in why organizations are investing in security. Unlike previous years, where compliance was the primary driver, 41% of respondents now prioritize security investments to mitigate the risks of data breaches and other security incidents.
Key Findings from the Study:
Influence of Cyber Breaches on Zero Trust Adoption: Two-thirds of surveyed organizations cite cyber-risk concerns as the critical motivators for adopting a Zero Trust strategy. This trend is particularly strong in the U.S., where 50% of organizations highlight cyber breach risks, and 29% note the expanding attack surface, culminating in 79% of entities driven by these factors.
Support vs. Resources: While 60% of organizations report significant senior leadership backing for Zero Trust initiatives, a gap remains in the availability of skills and budget. This discrepancy points to a misalignment between executive support and the practical resources necessary for implementation.
Regional Disparities in Adoption: Despite the overall increase in Zero Trust adoption, with 61% of organizations embarking on this journey, only 48% of U.S. organizations have followed suit. This lag suggests that Western entities recognize the problem but struggle to implement Zero Trust frameworks effectively, leaving them more vulnerable to cyber threats.
Cyber Hygiene and Persistent Threats: Nearly half (46%) of respondents identify hackers exposing sensitive data as their top security concern, followed by system malfunctions and unmanaged certificates. Notably, for the first time in eight years, employee mistakes are not ranked as the top security threat, highlighting the evolving nature of cybersecurity challenges.
Challenges in Credential Management: Chief Information Security Officers (CISOs) face significant hurdles in credential management due to a shortage of skilled personnel (50%), lack of clear ownership (47%), and inadequate staffing (46%). These issues underscore the ongoing difficulties in maintaining effective security measures.
The survey reveals a pressing need for financial and strategic investments in cybersecurity to keep pace with evolving threats. As Mabey emphasized, “The increasing reliance on mobile devices in cyber attacks highlights the need for comprehensive mobile and API security strategies. Smishing, or SMS phishing, underscores a significant vulnerability: employees often use the same devices for both personal and work-related activities, increasing the attack surface.”
Moreover, the study illustrates that while good cyber hygiene is essential, it alone cannot safeguard against all threats. Advanced threat detection and response strategies, combined with robust credential management and support from senior leadership, are crucial for a comprehensive security posture.