Over two-thirds of European organizations have begun developing a zero trust strategy, up from around a quarter in 2020, according to Forrester.
The analyst house, which first coined the term over a decade ago, said a further 15% were planning to adopt zero trust tech.
In its new report, Zero Trust Comes Into The Mainstream In Europe, Forrester also claimed that public sector organizations are taking a lead in the region.
“Among European security decision makers at government or public sector organizations, 82% believe their enterprise architecture is invested in and supports zero trust in their organization, compared to 72% of security decision makers at non-governmental or public sector organizations,” the report noted.
“Recent geopolitical events have increased the focus on improving cybersecurity of critical infrastructure. Regulations such as NIS2 aim to standardize cybersecurity methodologies across EU member states, and zero trust philosophies will be invaluable in ensuring effective integration and cross-functionality.”
Many of those accelerating their zero trust plans appear to be driven by past experience. All of those implementing or improving zero trust solutions have suffered at least one breach in the past 12 months that impacted key business processes or incurred cyber insurance penalties, the report stated.
German organizations appear to be most committed to the cause: 79% said it was a priority versus 68% in the UK and 66% in France.
However, there are still roadblocks to furthering zero trust plans across Europe. Forrester senior analyst Tope Olufon pointed to regulatory challenges as key. Specifically, implementation of user behavioral analytics and privileged session monitoring is problematic given local privacy laws and strong worker representation.
“Zero trust is driven by data, which naturally raises questions around privacy. Initiatives such as identity and access management involve additional consideration to avoid infringing on employee rights and running foul of regulation,” said Olufon.
“On the topic of data, collection is just one part of the complexity; where the data is sent to and stored also introduces new considerations. As regulation tightens about how European data is generated, security leaders need to consider how the data needed to power zero trust is handled.”