Zero Trust Architecture Implementation in SMBs: A Bayesian Risk Analysis Model and Empirical Validation
This research introduces a Bayesian Network simulation model designed to quantify the effectiveness of Zero Trust Architecture (ZTA) within small-medium businesses (SMBs). By utilizing Monte Carlo simulations and historical data, the study validates how ZTA can reduce the likelihood of data breaches and the overall magnitude of cyber risk by up to 20 percent. The authors analyze critical implementation barriers, such as financial constraints and organizational resistance, providing a roadmap for resource-strapped firms to adopt "never trust, always verify" principles. Key findings highlight that credential-based attacks and insider threats are the most significant risks, which can be mitigated through core controls like encryption and multi-factor authentication. Ultimately, the model serves as a risk-informed decision tool to help SMBs enhance their cyber resilience and regulatory compliance.