Zero Trust Model is not something that will generate accolades from shareholders, but the absence of a robust security approach increases the likelihood of damaging financial losses

Summary

Microsoft recently announced a Zero Trust Deployment Center as an offshoot of its Zero Trust Security Model. This center is intended to provide support to customers wrestling with the myriad challenges that have arisen from the accelerated digital transformations of the past several months.

The Zero Trust model incorporates several foundational principles that top-performing companies adopt, including: “instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network.”

In Microsoft’s words, “never trust, always verify.”

Analysis

At a time when the vast majority of ransomware attacks go undetected by companies and 91% of attacks don’t generate alerts, the Zero Trust security model offers a management systems-level approach that is characteristic of better cyber governance. The principle of ‘assuming breach’ is more reflective of a reality where the vast majority of breaches go completely undetected.

It is also more fit-for-purpose for the future economy in which a well-executed digital transformation is a difference maker in terms of market performance. We are not saying that ‘Zero Trust’ is the gold standard or the only avenue to a strong cyber posture, but it is a good example of an effective management-systems-based approach to better corporate security.

Like the secure-by-design security philosophy, the adoption of Zero Trust is not something that will be discussed on a CEO’s quarterly financial results call, or garner accolades in the financial press. But a posture that lacks a strong security foundation, in which growth and cost considerations are always prioritized over security, will increase the likelihood of loss-making events that WILL generate unwanted headlines and negative reactions from investors.

Consider ISS World or Pitney Bowes. It is safe to assume that shareholders of neither company were clamoring for details from the C-suites on their security approaches, philosophies or even objective data on how well or poorly each company was protecting its most valuable asset (technology). But when devastating ransomware attacks laid bare the security weaknesses of both companies, it was already too late for shareholders and the C-suites. Shareholders are left holding the bag: 3 months post-breach, ISS World’s share price was down 16%* relative to regional peers while PBI was down 19%*. Both companies have yet to recover.

*As of September 30, 2020
