Zero Trust now a boardroom discussion

Okta’s fourth annual State of Zero Trust Security report reveals that budgets for Zero Trust initiatives are increasing for 85% of organisations.

Zero Trust has quickly progressed from a buzzword to a critical business imperative, Okta’s 2022 State of Zero Trust Security Report has found. Today, 97% of businesses say that they have a Zero Trust initiative in place or will have one in the next 12-18 months, rising from 16% in 2018 - a more than 500% increase in the past four years.

EMEA businesses are dragging their feet on Zero Trust strategy - but budgets are on the rise

Businesses in EMEA (Europe, Middle East and Africa) are falling behind other regions when it comes to having a defined Zero Trust strategy. Just 36% of organisations say they currently have a strategy in place, compared to 50% in APAC (Asia & Pacific) and 59% in North America. However, this is set to change with EMEA leading the race in terms of budget increases for Zero Trust strategies. 90% of businesses in EMEA are increasing investment, compared to 83% in APAC and 77% in North America.

In terms of the biggest challenges for businesses implementing Zero Trust initiatives, talent shortages are listed at the top in North America and APAC, and among the Global 2000. However, in EMEA, cost concerns are judged to be an equivalent challenge with awareness of solutions to support Zero Trust ranked even higher.

Globally, 80% of all organisations say identity is important to their overall Zero Trust security strategy, and an additional 19% go so far as calling identity business critical. This means that 99% of organisations cite identity as a major factor in their Zero Trust strategy. Among CISOs and other members of the C-suite specifically, 26% deem identity business-critical.

“Organisations in EMEA need to alter their approach to cybersecurity if they want to safeguard systems, data, workforces, and customers in a continually changing world”, comments Ian Lowe, Head of Industry Solutions, EMEA at Okta. “The region is making significant progress in their Zero Trust initiatives, but businesses still face a number of challenges, like improving awareness, skill shortages and making significant investments to help their teams implement new technologies.”

EMEA is most balanced when it comes to usability and security concerns

Okta’s research shows that finding the balance between usability and security concerns is an ongoing challenge for organisations today. The shift toward security is more pronounced in APAC and North America, with the EMEA region reporting a more balanced prioritisation between the two.

“Companies are now leveraging pandemic-era investments in usability, and catching up on some security debt,” adds Lowe. “But increasingly, they are also realising that stronger security and better usability aren’t necessarily at odds anymore. Passwordless technologies, as an example, simultaneously improve the user experience by making logging in frictionless, whilst also being more secure.”

Healthcare and financial services strive ahead, whilst Government falls behind on passwordless access

For financial services and healthcare organisations, most of the definitional work to get Zero Trust initiatives in place is already happening.

Within financial services:

•Nearly 100% of financial service respondents plan to have a Zero Trust initiative underway within the next 12-18 months

•Nearly half (48%) already have such an initiative in place today

•75% of financial services companies expect to have SSO and/or MFA extended to servers, databases, and APIs within 18 months

Within healthcare:

•58% of respondents have already begun implementing their Zero Trust initiatives, representing a 20% increase from 2021

•99% say identity plays an important or business critical role in their overall Zero Trust security strategies

•All healthcare respondents say they plan to have extended SSO and/or MFA to SaaS apps, internal apps, and servers in the coming 12-18 months

Nearly 22% of respondents from financial services companies indicate that they will adopt passwordless access options in the coming 12-18 months, while 16% of healthcare and software companies plan to follow suit. Government institutions lag behind, with only 7% either already having passwordless access in place, or planning to implement this in the coming months. Yet, nearly all government respondents around the world say that identity is an important part of their overall Zero Trust strategy, with 19% deeming it as business-critical.


The partnership will enable Armadillo’s customers to maintain strong encryption standards, whilst mitigating against malicious activity hidden within encrypted network traffic.
New partnership will allow stor.ai to offer grocers Web Application Firewall (WAF) capabilities to secure e-commerce platforms and prevent cyber attacks quickly and seamlessly.
Majority of employees still rely on username and password authentication.
Illumio, Inc., the Zero Trust Segmentation company, has introduced Illumio Endpoint®, a reimagined way to prevent breaches from spreading to clouds and data centers from laptops.
According to new Venafi research, complexity due to increase, as companies plan to host more than half their applications in the cloud.
Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.
Although progress has been made, organisations are still paying out.
New research from Forcepoint exposes how CNI cybersecurity professionals need greater support to prevent burnout from the pressure of securing high-threat, high-complexity environments.