IBM research found that companies that adopted a zero trust security approach were better positioned to deal with data breaches. This approach operates on the assumption that user identities or the network itself may already be compromised, and instead relies on AI and analytics to continuously validate connections between users, data and resources.

Impact of the Zero Trust Approach:

Organizations with a mature zero trust strategy had an average data breach cost of $3.28 million – which was $1.76 million lower than those who had not deployed this approach at all.

Those who have deployed zero trust tend to be in the middle or mature stages of deployment. Of respondents that have fully or partially deployed zero trust, 14% are in early stage deployment, 38% middle stage and 48% mature stage.

This means just 16.8% of organizations in the study have a mature stage zero trust approach (i.e., 48% of the 35% of respondents that have deployed zero trust).

Costs stayed lower for organizations in the mature stage of zero trust. The average cost of a data breach was higher for organizations that had not deployed or not started to deploy zero trust. Costs for those that had zero trust depended on the level of maturity. The average cost of a breach was $5.04 million in 2021 for those with no zero trust approach. In the mature stage of deployment, the average cost of a breach was $3.28 million.

This difference of $1.76 million between mature zero trust organizations and organizations without zero trust is a cost difference of 42.3%. The difference between early stage zero trust (average cost of a breach $4.38 million) and mature stage ($3.28 million) was $1.10 million, for a cost difference of 28.7%.

Use of strong encryption, a key component of zero trust, was a top mitigating cost factor. In an analysis of 25 cost factors that either amplified or mitigated the average total cost of a data breach, use of high standard encryption was third among cost mitigating factors, after mature use of AI platforms and mature use of analytics.

Organizations using high standard encryption (using at least 256-bit AES encryption, at rest and in motion) had an average total cost of a breach of $3.62 million, compared to $4.87 million at organizations using low standard or no encryption, a difference of $1.25 million or 29.4%.

