The Zero Trust Hub

Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.

The Monday Microsegment

NEWS

Securing Your Digital Supply Chain with a Zero Trust Defense Strategy

In Help Net Security, Trevor Dearing highlights rising risks in the digital supply chain and how regulations like DORA and NIS2 aim to enhance resilience. The good news: Zero Trust and microsegmentation can greatly mitigate the threats.

NEWS

Zero Trust in Action: Using Segmentation for Ransomware Defense

On the Logistics of Logistics podcast, Trevor Dearing discusses how Zero Trust Segmentation keeps ransomware and other breaches contained, ensures security across hybrid environments, and simplifies regulatory compliance.

Weekly Briefing

Cyber Insurance: A Crutch That’s Making Cybersecurity Worse

Think cyber insurance is a panacea for your cybersecurity woes? Think again.

Cyber insurance was supposed to be a safety net — a way for organizations to mitigate financial risk when cyberattacks strike. But with S&P Global projecting a 15-20% rise in premiums in 2025 alone, it’s clear that cyber insurance has become a crutch.  

Too many businesses think they can deprioritize strong security practices in favor of a financial escape route.  

This needs to change. The existence of cyber insurance has created a culture of complacency. Companies weigh the cost of investing in cybersecurity against the ease of paying a ransom with insurance money. And too often, they choose the latter.

Cyber insurance enables bad decisions

Right now in a boardroom somewhere, a CFO is making a calculated decision: “We could invest millions in cybersecurity, but why bother when our cyber insurance policy will cover us?”  

That’s the reality of how many companies approach security today. Cyber insurance offers an “out,” making it easier to justify skimping on robust defenses.

This mentality creates a perverse incentive structure. Businesses know that if they get hit with ransomware, they can simply pay the ransom and move on. They don’t invest in modern security best practices because there’s no immediate financial urgency.

That is, until they get hit — and then, the costs go far beyond the ransom payment itself.  

A Zero Trust approach gets rid of this reactive mindset. It ensures that security is built into every layer of the organization so that ransomware can’t take hold.

The unseen costs of cyber insurance  

Organizations that rely on cyber insurance instead of strong security face long-term consequences. Here’s what they don’t factor into their cost-benefit analysis:

  • Data trust erosion: When a company gets breached, it’s not just their money at risk. It’s their customers’ trust. Clients assume their data is protected. When that trust is violated, it’s hard to rebuild.
  • Repeat attacks: Attackers target insured companies because they know the payout is almost guaranteed. If an organization pays once, it paints a target on its back for future attacks.
  • Regulatory scrutiny: Governments worldwide are cracking down on cyber insurance-fueled ransom payments. Future regulations may remove the ability to pay ransoms altogether, making insurance-based strategies obsolete.
  • Rising premiums: Cyber insurance costs are skyrocketing, and policies are becoming more restrictive. Companies that rely on insurance today may find themselves priced out of coverage tomorrow.

A Zero Trust security strategy reduces risk by eliminating unnecessary trust and limiting the attack surface.

Rather than reacting to breaches, organizations that follow Zero Trust principles take a proactive approach to securing their environments. This significantly weakens the impact ransomware and other cyber threats can have on your network.

The industry would be better off without cyber insurance

The hard truth is that cyber insurance has done more harm than good.

Without it, businesses would be forced to prioritize security, weighing the real risk of collapse against investing in protection — and most would choose security.

If ransomware payments were banned, companies would have no choice but to build resilience, adopt Zero Trust, and treat cybersecurity as essential, not optional.

Right now, companies treat cyber insurance like a fire escape: something they don’t think about until the building is burning.  

But cybersecurity isn’t a fire escape — it’s the sprinkler system, fireproof walls, fire doors, and smoke detectors that prevent a blaze in the first place.

The path forward: Zero Trust and accountability

To fix this broken system, organizations need to shift their mindset. Instead of relying on cyber insurance as a financial Band-Aid, they should:

  • Eliminate the option to pay ransoms: If paying ransoms were illegal, companies would be forced to secure their data properly.
  • Hold leadership accountable for cybersecurity investments: Security shouldn’t be a budget line item that gets cut for short-term financial gain.
  • Build true cyber resilience with Zero Trust: This means implementing least-privilege access, segmentation, immutable backups, and real-time threat detection.

At the end of the day, money drives change. To fix cybersecurity, insecurity must be the costlier option. Eliminating ransom payments and cyber insurance as a crutch will force businesses to take security seriously.

Zero Trust is the answer — it removes implicit trust, enforces strict access, and ensures attackers hit a wall, not open doors.

Cyber insurance rewards bad behavior. The sooner we move past it and embrace Zero Trust, the safer we’ll be.

Statshot

Where the Buck Stops

Responsibility for protecting organizations against ransomware is shifting, according to the 2025 Global Cost of Ransomware Study. Those saying that “no one person or function” was primarily responsible dropped by 10 percentage points, a positive trend. So who is responsible? That duty falls most often to the CISO or CIO/CTO. Nearly half of security professionals surveyed in the study named one of those two roles as primarily responsible. Another finding: more organizations now rely on incident response teams, backup and disaster recovery teams, and managed service providers.

Zero Trust Resources

eBook

Strategies for DORA Compliance: Key Role of Zero Trust Segmentation

Is your organization ready for the January 2025 DORA deadline? Discover key strategies for cyber resilience and how Illumio Zero Trust Segmentation simplifies compliance.

GUIDE

Zero Trust Segmentation for Dummies

Breaches are inevitable, but the damage isn’t. Zero Trust Segmentation for Dummies simplifies how to stop threats from spreading, protecting your organization before they cause harm.

REPORT

Cloud Security Index 2023

The Cloud Security Index 2023 reveals that 60% of IT leaders view cloud security as a significant risk, with 93% agreeing Zero Trust Segmentation is essential. Download the report to learn more about key cloud security challenges and solutions.

88% of organizations were hit by ransomware last year, with 58% shutting down operations for an average of 12 hours.

The Global Cost of Ransomware Study reveals the real impact and how to stay resilient against the next inevitable attack.

Top contributors

John Kindervag

Chief Evangelist

Raghu Nandakumara

Head of Industry Solutions

Sudha Iyer

VP, Security Product Management

Gary Barlet

Public Sector CTO

Trevor Dearing

Director of Critical Infrastructure Solutions

Michael Adjei

Director, Systems Engineering

Christer Swartz

Director of Industry Solutions