State of Zero Trust Across Industries

Written by Christopher Niggel, Regional CSO, Americas at Okta.

As we begin a new year, we reflect on the progress we’ve made over the past year, and our Zero Trust journeys are no different. In this installment of the Zero In column, we look at benchmarks from Okta’s latest State of Zero Trust report to compare our progress against our peers. Let’s take a look at how a few key sectors have fared in 2023:

Healthcare stood out as being the only sector where we saw a decrease in active Zero-Trust programs: 58% of organizations reported an initiative in place in 2022, falling to 47% in 2023, possibly due to reduced spending. However, healthcare organizations are poised to outpace the global average when it comes to plans for the next 6 to 12 months: 38% plan an implementation in that timeframe vs. just 28% for global organizations. Healthcare organizations report that Multi-Factor Authentication and cloud directory connections are primary projects, demonstrating a focus on the identity tier of the Zero Trust model. There is a silver lining here: Phishing-Resistant authenticator adoption is up, with 20% of organizations on average reporting the use of security keys or biometrics.

The Public Sector saw a significant jump in the visibility of Zero Trust programs with the recent releases of strategies from multiple governments. With 58% reporting an active Zero Trust program, the public sector still lags behind the private sector at 61%. 6-to-12-month planning is outpacing the global average, so we do expect to see the public sector catch up. Interestingly, organizations report that primary security projects include deployment of Multi-Factor Authentication for external users and API access security, showing commitment to securing constituents.

Financial Services continued to lead the way in adoption as a full 71% of the financial services organizations reported having an active Zero Trust initiative in place. Compared to recent years, just one-third of respondents in this sector reported having a defined Zero Trust initiative in 2021, and in 2022 that number jumped to nearly 50%. Multi-Factor Authentication again leads the way as the primary security project for organizations, with 42% planning to implement it in the next 12–18 months. Privileged access management for the cloud is next, at 36%. Phishing-Resistant authentication adoption is building, but Financial Services are still the most reliant on SMS-based authentication, with 38% of surveyed organizations reporting its use.

Software companies are quickly catching up with their peers in the journey to Zero Trust. In 2021, less than 10% of respondents in this category had Zero Trust initiatives in place, and today the number is just shy of 70%, with nearly all the remaining respondents saying they are planning to start one in the near future. Interestingly, software company projects scored Multi-Factor Authentication and securing access to APIs as equally important, shining light on the importance of the “API economy.” Software companies also showed the highest adoption of Phishing-Resistant authentication at 21%.

Overall, we found continuing growth in Zero Trust initiatives, buoyed by increasing budgets for these projects, even while IT and Security budgets are generally feeling pressure. In fact, roughly 80% of surveyed organizations reported increases in their 2023 Zero Trust budgets compared to last year. As we begin 2024, it’s clear that this will be the year this architecture becomes ubiquitous, and we look forward to hearing your stories about your journey.