PROVING REASONABLE CYBER SECURITY: THE EMERGING ROLE OF ZERO TRUST

Advances in artificial intelligence (AI) have dramatically impacted cyber security. Threats that seemed like something out of science fiction just a few years ago have become commonplace. Generative AI now enables cyber criminals to create convincing, personalised phishing emails tailored to their targets, fuels the ransomware-as-a-service market by reducing barriers to entry for inexperienced hackers, and cuts the average amount of time threat actors need to exploit vulnerabilities.

The emergence of these enhanced and expanded threats, coupled with increased organisational reliance on cloud services, software as a service, bring your own device (BYOD), distributed workforces and third-party vendors, has led to a shift from the ‘castle and moat’ location-based security model to a zero-trust, identity-focused cyber security framework. A 2024 report by Gartner found that 63 percent of organisations worldwide had fully or partially implemented a zero-trust cyber security strategy, with over half of them attributing their decision to the view that zero trust is an industry best practice.

As threat actors utilise AI to launch sophisticated attacks and the zero-trust approach to cyber security becomes more widely adopted, the use of zero-trust adoption as a shield and a sword in data breach litigation is not far behind. Lawyers, chief information security officers (CISOs) and governance professionals should prepare for evidence of zero-trust implementation to become central to judicial and regulatory determinations of the ‘reasonableness’ of corporate cyber security programmes.

Apr-Jun 2026 Issue

Gail Gottehrer Consulting LLC