Zero Trust Security Could Prevent 31% of Cyber Attacks, Save $465B Globally

When Familiar Routines Fail: Zero Trust Security and the High Cost of Staying Comfortable

Humans cling to the familiar. It’s in our DNA, the instinct to favor the known over the unknown. From choosing the same route to work to resisting new workplace tech, this preference for routine offers comfort, control, and perceived safety. But in cybersecurity, this old habit is costing us. Billions, in fact. A new report suggests that if organizations embraced zero trust security, they could prevent nearly a third of global cyber incidents. That’s a potential $465 billion in economic losses dodged every year from things like ransomware — simply by rethinking what “safe” means.

Instead of trusting everything inside a network perimeter, zero trust flips the script: “Never trust, always verify.” It’s a mindset shift that many resist, but those who adapt stand to gain big — both in security and in the eyes of cyber insurance underwriters.

Insurers Back Zero Trust’s Claims-Saving Power

Cyber insurance providers are taking notice. A report from Zscaler, utilizing the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset, shows that zero trust could reduce insured cyber losses by up to 31% annually. In the U.S. alone, that’s $2.3 billion in insurance savings.

Scott Stransky of Marsh McLennan noted, “Being able to quantify the cost associated with the lack of zero trust implementation has not been previously investigated. The figure demonstrates the value and benefit of such controls.”

In other words, ignoring zero trust is no longer just a technical misstep — it’s a financial liability.

Biggest Businesses, Biggest Gains

The report found that companies with more than $1 billion in revenue have the most to gain from implementing these strategies. For organizations exceeding $100 billion, as many as 60% of cyber incidents were deemed preventable with zero trust architecture. Smaller businesses were attacked more frequently, but their incidents were less likely to be mitigated by zero trust due to different threat profiles.

High-Risk Industries Stand to Save

The report broke down results by industry, with construction, real estate, transportation, and information services showing the most dramatic benefits. In these sectors, up to 50% of incidents could be mitigated by zero-trust security — and with it, the associated recovery costs, downtime, and reputational harm.

Healthcare and finance, while tightly regulated, also stand to benefit. Over one-third of healthcare-related incidents and one-quarter of financial industry breaches could have been stopped.

Stephen Singh, Global VP at Zscaler, underscored this: “This report underscores the importance of recognizing Zero Trust as a fundamental cybersecurity control that fortifies cyber hygiene.”

Ransomware and Zero Trust: A Defensive Match

With ransomware attacks surging 126% in a single year, the study underscores the crucial role of zero trust security. Most ransomware breaches involve lateral movement once an attacker gets in. Zero trust stops this by not assuming that internal users or devices are safe. Instead, it requires continuous verification at every step.

More Incidents But Less Protection in North America

Interestingly, North America experienced far more cyber events than Europe or Asia — four times as many as Europe, to be exact. However, Europe showed a higher percentage of incidents that zero trust could have prevented. The highest potential was in Oceania, where up to 42% of incidents were deemed zero trust preventable, compared to 31% in North America.

A Turning Point for Cyber Insurance

Companies that deploy zero trust are now gaining leverage in the cyber insurance market. Tools like Zscaler’s Risk360 help organizations quantify their cyber risk, streamlining underwriting and renewal processes. Some Zscaler customers are already receiving more favorable premiums, with insurers recognizing the architecture as a sign of maturity and resilience.

Darin Hurd, CISO at Guaranteed Rate, said, “We now have independent validation that zero trust offers significant benefits. Companies that prioritize zero trust investments gain a significant edge as cyber defenders.”

Breaking the Habit: The True Cost of Resistance

Adopting zero trust may feel like abandoning the familiar — just as replacing your home’s locks and giving out no spare keys would seem extreme to someone used to leaving doors open. But that resistance comes at a steep cost. The desire for control and comfort, while natural, is leaving billions on the table.

To paraphrase George Bernard Shaw: “Progress is impossible without change, and those who cannot change their minds cannot change anything.”

It’s time we changed our minds about trust.

Explain It Like I’m a 5th Grader or A CEO

Imagine you’re guarding a castle with a drawbridge. Once someone’s inside the walls, you treat them as safe, friend or foe. That’s how traditional IT security works.

Now, imagine instead that every hallway, every room, every cupboard requires its own passcode, checked every time. That’s zero trust.

It’s more work up front, yes — but when dragons (read: ransomware gangs) are flying over the walls, you’ll be glad every door wasn’t wide open.
