Entrust: Identities are the highest priority risk area for an organization’s Zero Trust strategy
MINNEAPOLIS -- The Entrust Cybersecurity Institute today released survey findings on the state of Zero Trust adoption and encryption in 2024. Entrust’s eighteenth annual study conducted by the Ponemon Institute reveals that the risk of a cyber breach is the number one global driver for Zero Trust strategy implementation.
“With the rise of costly breaches and AI-generated deepfakes, synthetic identity fraud, ransomware gangs, and cyber warfare, the threat landscape is intensifying at an alarming rate," said Samantha Mabey, Director Solutions Marketing at Entrust. “This means that implementing a Zero Trust security practice is an urgent business imperative – and the security of organizations' and their customers’ data, networks, and identities depends on it.”
The 2024 State of Zero Trust & Encryption Study surveyed 4,052 IT and IT security practitioners across the U.S., UK, Canada, Germany, Australia and New Zealand, Japan, Singapore, and the Middle East. The survey shows that people are now more motivated to invest in security to prevent data breaches, rather than just to follow regulations. While in the past, compliance was the main reason for security investments, 41% of respondents now prioritize security investments to reduce the risks of data breaches or other security incidents. This marks a significant change in attitudes toward why organizations invest in security.
Key findings from the 2024 State of Zero Trust & Encryption Study include:
- Rising rates of cyber breaches are influencing opinions on Zero Trust: Two-thirds of organizations list cyber-risk concerns as the most important drivers for implementing a Zero Trust strategy. The pattern is even more pronounced in the U.S., with 50% of organizations citing cyber breach risk and 29% reporting the expanding attack surface for a combined total of 79%.
- Senior leadership support for Zero Trust is increasing, but skills and budget aren’t keeping pace: Despite 60% of organizations reporting significant senior leadership support for Zero Trust, a lack of skills and budget are still cited as the biggest roadblocks to implementing these frameworks, highlighting a discrepancy between support and resource allocation.
- Zero Trust adoption is exploding, but lagging in the West: While 61% of organizations have begun their own Zero Trust journey, only 48% of U.S. organizations have, raising a concern that Western entities know they have a problem but are unable to adopt Zero Trust, leaving them vulnerable to cyber threats.
- Good cyber hygiene alone can’t safeguard against all threats: 46% of respondents cited hackers exposing sensitive or confidential data as their top security concern, followed by system or process malfunctions and unmanaged certificates. For the first time in the past eight years, organizations did not rank employee mistakes as a top security threat.
- People, skills, and ownership remain painful hurdles for CISOs to achieve effective credential management: 50% of respondents identified a shortage of skilled personnel, 47% highlighted the absence of clear ownership, and 46% pointed to inadequate staffing as the primary reasons for the challenges associated with credential management.