The adoption of the Zero Trust model has become a turning point for enterprise cybersecurity strategies. This is reflected in the global study published by DXC Technology, in collaboration with Microsoftunder the title The Trust Report: From Risk Management to Strategic Resilience in Cybersecurity. The research, based on data from hundreds of companies from different sectors and geographies, confirms that this framework is no longer a trend, but the de facto standard to protect hybrid and dynamic digital environments.
The report shows how organizations are moving from a traditional risk management model, focused on perimeter defense, towards a risk management approach. strategic resilience where trust is never taken for granted. This change responds to the exponential growth of threats, the sophistication of attacks, and the impact of generative artificial intelligence on the exposure surface.
According to the study, the 83% of organizations that have adopted a Zero Trust model have managed to reduce security incidentswhich has contributed to a significant decrease in recovery and technical support costs following cyber attacks. However, the report warns of a technological and cultural gap: only 30% of companies use AI-based authentication toolsdespite the wide range of solutions available for intelligent detection and response.
An uneven adoption of artificial intelligence in cybersecurity
The advancement of artificial intelligence is redefining the limits of cyber defense. On the one hand, Attackers use AI to automate attacks, generate malicious code, and exploit vulnerabilities faster than ever. On the other hand, AI technologies also represent a unique opportunity to create more predictive, contextualized and adaptive protection systems.
The report highlights that the adoption of AI-powered tools is still in its infancy. Many organizations, especially those in regulated sectors or with critical infrastructure, maintain a cautious or experimental approach. In this context, Zero Trust acts as a framework to incorporate innovations in a controlled manner, prioritizing continuous verification and strict identity and access management.
“The challenge is no longer just to protect systems, but to do it in a dynamic, coherent and automated way,” explains Mikel Salazar, Director of Cybersecurity at DXC Spain and Portugal. “The acceleration of AI-based threats forces us to evaluate security as a whole, where identities, devices, networks, applications and data must follow zero trust principles. Our role at DXC is to help customers integrate the Zero Trust model into your organizational culture“, not as an isolated project, but as a living policy that accompanies the evolution of the business.”
Obstacles to the adoption of the Zero Trust model
The results of the study reveal a paradox and that is that, although most IT managers recognize the strategic value of the Zero Trust modelits full implementation remains a slow and uneven process. Thus, the 66% of companies identify legacy systems as the main barrier, both due to the lack of interoperability and the modernization costs involved in its replacement or integration.
Added to this technical limitation are organizational factors. In many cases, Cybersecurity departments operate in a fragmented manner with respect to the rest of the structurewhich makes coherence in access and control policies difficult. According to DXC, this gap underlines the need for transversal leadership that involves not only CIOs or CISOs, but also business, human resources and regulatory compliance areas.
Despite the challenges, the study highlights that 72% of organizations recognize new emerging threats as the main driver for updating their security policiesand more than 50% admit to having found unforeseen benefits in Zero Trust: an improvement in the user experience and greater operational efficiency thanks to the automation of controls and the elimination of redundancies in authentication processes.
Microsoft and DXC: synergy for a continuous trust architecture
The collaboration between DXC and Microsoft is one of the strongest examples of practical integration of the Zero Trust model at scale. Both companies agree that building more resilient environments requires a precise combination of technology, automation and organizational culture.
“Most companies already rely on Microsoft Entra ID and Microsoft 365 as the foundation of their IT ecosystems,” said Alex Simons, corporate vice president of Microsoft Entra. “Expanding that base with Zero Trust solutions developed together with DXC allows us to offer a unified identity management, complete asset visibility and adaptive control on critical data and resources. Consolidating around the Microsoft stack reduces complexity, cuts costs and accelerates the deployment of consistent policies.”
The collaboration model between both firms is based on the premise that the Security must be integrated from the design (security by design) and maintained continuously through monitoring and automation. This includes identifying anomalies in user or device behavior, contextual enforcement of access policies, and network segmentation based on verifiable trust.
A model that requires maturity and cultural change
Beyond technology, the report highlights that Zero Trust cannot be understood as a product or a specific implementationbut as a process of progressive maturity. Its adoption involves reviewing the company’s operating philosophy and move from an implicit trust model to one of constant verificationwhere each access request is evaluated based on multiple factors and risk scenarios.
The value of the Zero Trust model lies in its ability to provide a consistent protection across the entire digital ecosystem
Among the study’s recommendations, DXC suggests adopting a phased roadmap starting with identity and access management (IAM), continuing with network segmentation, and ending with cloud data and payload protection. This tiered approach allows organizations to measure tangible results and adjust investment based on their level of digital maturity.
The document also emphasizes the need to link the Zero Trust model with internal training programssince the human factor remains a weak link. Creating a dynamic security culture—where every employee understands their role in protecting the organization—is as critical as having advanced tools.
Zero Trust Model as an engine of resilience
In an environment where the boundaries between cloud, edge and device are blurred, the value of the Zero Trust model lies in its ability to provide a consistent protection across the entire digital ecosystem. Organizations that adopt it are moving towards a security model based on evidence and not on assumptions, capable of adapting quickly to the evolution of risk.
The DXC and Microsoft study reinforces a central idea: trust is now a measurable outcomenot a precondition. Companies that invest in Zero Trust not only reduce their exposure to cyberattacks, but they can turn security into a competitive differentiation assetcapable of strengthening the relationship with clients, partners and suppliers.
In Salazar’s words, “Zero Trust transforms security into an enabler of innovation. It allows organizations to explore new digital opportunities—from generative AI to process automation—without compromising the protection of their data. Resilience is not achieved by eliminating risk, but by managing it with intelligence and anticipation.”
The report concludes that the evolution towards fully integrated Zero Trust environments will be a multi-year processmarked by cooperation between technology providers, specialized consulting firms and corporate security leaders. In the short term, organizations that accelerate this journey will be better positioned to respond to emerging threats and securely harness the transformative potential of artificial intelligence.
