Bit more on the Gartner prediction front — Gartner, Inc. predicts that by 2026, 10% of large enterprises will have a mature and measurable zero-trust program, up from less than 1% today. That said, the approach isn’t a cure-all. Gartner analysts predict that through 2026, more than half of cyberattacks will be aimed at areas that zero-trust controls don’t cover and cannot mitigate.
Gartner recommends that organizations implement zero trust to improve risk mitigation for the most critical assets, as this is where the greatest return on risk mitigation will occur. However, zero trust does not solve all security needs. CISOs and risk management leaders must also run a continuous threat exposure management (CTEM) program to better inventory and optimize their exposure to threats beyond the scope of ZTA.
According to a study released Tuesday by the Neustar International Security Council, only about half of companies are getting the proper budgets they need to meet their current cybersecurity requirements.
Fewer than one-third of IT and security professionals said their cybersecurity budgets would remain the same this year, while 6% expect them to fall. Of those, 44% said the budget stagnation or cuts would expose their businesses to more cyber risk.
Why do we care?
10% of large businesses doesn’t seem like a lot. The federal government has more of a mandate than that. I’m still a believer in the approach but will note that it’s not a cure-all, and it’s not moving very quickly… and it’s hard to do. Someone who can figure this space out and implement it more easily will do very well.

