Why Zero Trust Could Be the Key to Lowering Cyber Insurance Claims

A new study published by Zscaler, in collaboration with Marsh McLennan’s Cyber Risk Intelligence Center, reveals that implementing a zero trust security architecture could have prevented up to 31% of cyber losses globally—equating to $465 billion in potential economic savings each year.

The findings are based on Marsh McLennan’s proprietary dataset tracking eight years of cyber incident insurance claims. The analysis estimates that widespread zero trust deployment would have substantially lowered both insurance claims and cyber-related economic losses across sectors.

Global Insights: North America Hit Hardest, Europe Most Preventable

The research shows that North America experienced nearly four times the number of cyber incidents compared to Europe over the past eight years. However, the percentage of attacks preventable by zero trust was higher in Europe (41%) than in North America (31%).

“Being able to quantify the cost associated with the lack of zero trust implementation has not been previously investigated,” said Scott Stransky, Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center. “The figure demonstrates the value and benefit of such controls and highlights the potential benefits of greater cyber hygiene across industries.”

Ransomware Surge Elevates Zero Trust Relevance

The report also notes that ransomware incidents increased by 126% in a single year, driving a higher proportion of events that could have been mitigated with zero trust controls. Notably, large enterprises with annual revenue over $1 billion stood to benefit most from the approach, with 60% of attacks considered preventable through zero trust deployment.

Zero Trust as a Foundational Control

“Zero Trust is not just a buzzword—it is a critical control for modern cyber resilience,” said Stephen Singh, Global Vice President, M&A/Divestiture and Cyber Risk at Zscaler. “Phasing out outdated, high-risk technologies like firewalls and VPNs in favour of Zero Trust significantly reduces risk exposure.”

Zero trust works by continuously verifying every user, application, and device, dramatically narrowing the attack surface and preventing lateral movement within enterprise systems.

Cyber Insurance Impact and Risk Quantification

Darin Hurd, CISO at Guaranteed Rates, added: “We now have independent validation that Zero Trust offers significant benefits for cyber security practitioners. Companies that prioritise Zero Trust investments gain a significant edge as cyber defenders.”

Some Zscaler customers are already receiving favourable terms from cyber insurers by demonstrating adoption of the Zero Trust Exchange platform. Tools such as Risk360, part of the Zscaler Zero Trust Exchange, allow organisations to quantify business risk accurately, supporting cyber insurance applications and renewals.

Built on Zscaler’s Data Fabric for Security, Risk360 leverages telemetry from over 50 million connected devices, offering end-to-end visibility across IT environments and helping enterprises present clear cyber risk profiles to underwriters.