Data has become the most valuable asset for modern businesses. As such, it is becoming an attractive target for cybercriminals, and we’re not just talking about the data that is explicitly owned by the business.
When people entrust their private details to any organisation, like their full name, address, social security number, credit card details or even their medical history, keeping the information private has become of paramount importance. Otherwise, the organisation’s reputation and credibility will take a major hit, leading to a breach of trust that is difficult to win back and a diminished bottom line. This is why data breaches have become such a costly issue for businesses, with a single cyber incident costing companies an average of USD $4.24 million this year globally, according to the IBM Cost of Data Breach Report 2021. That amount is the highest in 7 years and represents a 9.8% increase from 2020 and a significant 11.9% rise since 2015.
IBM’s findings underpin a need for a more proactive approach to cybersecurity, one that ideally leverages the zero-trust security architecture. In this approach, an organisation does not automatically extend trust to anything or anyone, from staff to sources to devices and connections, and rigorously and extensively verifies everything and everyone to secure all potential cyber attack vectors. Adopting zero-trust is particularly vital given the rise of insider threats—turn cloaks, negligent employees and moles, for instance—who can significantly expose organisations to data breaches and other cyber incidents.
Hence, the sooner companies realise that zero-trust security is not merely some buzzword in cybersecurity, the better. This is because it works, with the same IBM report highlighting how the average cost of a data breach goes up to USD $5.04 million in organisations not utilising the zero-trust approach. The cost decreases to USD $4.38 million in organisations with an early stage zero-trust architecture, USD $3.71 million in organisations with a middle stage zero-trust architecture and USD $3.28 million in organisations with mature zero-trust architecture already.
Critically, of the organisations IBM surveyed, 65% admitted to not having adopted the zero-trust approach, while just 35% have deployed it either fully or partially. Of that 35%, however, only 20% now have zero-trust security in its mature state, or just 16.8% of all respondents, and are now reaping its immense security benefits. On the other hand, nearly half (43%) of the 65% still without the zero-trust architecture have no plans to deploy it whatsoever, while 22% are planning to do so in the next 12 months.
Soon enough, the zero-trust approach will become a necessity moving forward given continuing digital transformation across industries and, critically, the unabated growth of e-commerce globally, which means organisations will be handling even more sensitive data in the years ahead. To that end, organisations will need to look at zero-trust as being a marathon and not a sprint in that it will take time to build, and will require companies to adapt continuously. Nevertheless, that marathon needs to start somewhere, and companies do not always have to do it all alone. If they are shorthanded or lack the necessary expertise and know-how, they can employ the help of experts from IBM Garage, who work with enterprises big or small to create a modern, adaptable zero-trust security environment.