Abstract
Zero Trust Architecture (ZTA) is an emerging cybersecurity paradigm that replaces traditional perimeter-based defences with a "never trust, always verify" model, enforcing continuous authentication and context-aware access control across distributed enterprise environments. This study presents a data-driven evaluation of ZTA effectiveness in mitigating insider threats, using a structured dataset of 80 users and a comparative analysis of Pre-ZTA and Post-ZTA security states. The evaluation focuses on detection accuracy, anomaly scores, access denials, Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), incident detection rates, and user risk distributions.

Results indicate a notable improvement in detection rate from 43.2% to 53.5% and a reduction in anomaly scores from 53 to 46, alongside lower incident severity (median reduced from 4 to 3) for both accidental and malicious threats. Total recorded incidents increased from 37 to 43. This reflects the greater monitoring visibility introduced by ZTA rather than a higher rate of threat occurrence: a rise in the incident count on its own cannot distinguish the two explanations, but the simultaneous fall in severity and rise in detection rate support the visibility interpretation. Behavioural analysis shows stronger alignment between device trust and authentication outcomes, with fewer failed login attempts from high-trust devices in the Post-ZTA environment. Access denials rose from 8 to 10, consistent with stricter enforcement of least-privilege access policies. Overall, the findings indicate that ZTA significantly enhances detection, reduces impact severity, and improves risk classification, providing a more resilient and adaptive framework for insider threat mitigation in modern distributed networks.
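As an added illustration of the Pre-ZTA versus Post-ZTA comparison the abstract describes, the following computes detection rate, MTTD, MTTR and median severity (overall and per threat kind) from a set of incident records. This is example code written for this page, not the study's dataset or analysis scripts: the incident records, the hour-based timestamps, the 1 to 5 severity scale, the hypothetical users u01 to u11, and the definition of MTTR as detection-to-response time are all assumptions.

```python
"""Pre-ZTA vs Post-ZTA comparison of insider-threat incident metrics.

Added example; the records below are constructed, not the study's data.
"""
from dataclasses import dataclass
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Incident:
    user: str
    phase: str                      # "pre" or "post" (relative to ZTA deployment)
    kind: str                       # "accidental" or "malicious"
    severity: int                   # 1 (low) .. 5 (critical); assumed scale
    occurred_at: float              # hours since start of the observation window
    detected_at: Optional[float]    # None if the incident was never detected
    responded_at: Optional[float]   # None if no response was recorded


# Constructed sample records (hypothetical users u01..u11), chosen so that the
# post-ZTA phase has more recorded incidents but faster detection and lower severity.
INCIDENTS = [
    Incident("u01", "pre", "accidental", 4, 0.0, 30.0, 42.0),
    Incident("u02", "pre", "malicious", 5, 5.0, None, None),
    Incident("u03", "pre", "accidental", 3, 10.0, 22.0, 40.0),
    Incident("u04", "pre", "malicious", 4, 12.0, None, None),
    Incident("u05", "pre", "accidental", 4, 20.0, 44.0, 50.0),
    Incident("u06", "post", "accidental", 3, 0.0, 2.0, 6.0),
    Incident("u07", "post", "malicious", 4, 3.0, 4.0, 9.0),
    Incident("u08", "post", "accidental", 2, 7.0, None, None),
    Incident("u09", "post", "malicious", 3, 9.0, 11.0, 14.0),
    Incident("u10", "post", "accidental", 3, 15.0, 16.0, 20.0),
    Incident("u11", "post", "malicious", 2, 18.0, 19.0, 25.0),
]


def _mean(values):
    """Arithmetic mean, or None when there is nothing to average."""
    return sum(values) / len(values) if values else None


def detection_rate(incidents):
    """Fraction of incidents that were detected at all; None if no incidents."""
    if not incidents:
        return None
    return sum(1 for i in incidents if i.detected_at is not None) / len(incidents)


def mttd_hours(incidents):
    """Mean Time to Detect: occurrence -> detection, over detected incidents only."""
    return _mean([i.detected_at - i.occurred_at
                  for i in incidents if i.detected_at is not None])


def mttr_hours(incidents):
    """Mean Time to Respond: detection -> response (assumed definition),
    over incidents that were both detected and responded to."""
    return _mean([i.responded_at - i.detected_at
                  for i in incidents
                  if i.detected_at is not None and i.responded_at is not None])


def median_severity(incidents):
    return median(i.severity for i in incidents) if incidents else None


def summarize(incidents, phase):
    """Per-phase metrics; the incident count is reported separately so that a
    rise in recorded incidents is not read as a rise in threat activity."""
    subset = [i for i in incidents if i.phase == phase]
    return {
        "incidents": len(subset),
        "detection_rate": detection_rate(subset),
        "mttd_hours": mttd_hours(subset),
        "mttr_hours": mttr_hours(subset),
        "median_severity": median_severity(subset),
        "median_severity_by_kind": {
            kind: median_severity([i for i in subset if i.kind == kind])
            for kind in sorted({i.kind for i in subset})
        },
    }


def compare(incidents):
    """Pre/Post summaries plus post-minus-pre deltas for the scalar metrics."""
    pre, post = summarize(incidents, "pre"), summarize(incidents, "post")
    scalar_keys = ("incidents", "detection_rate", "mttd_hours", "mttr_hours", "median_severity")
    delta = {
        k: (post[k] - pre[k]) if pre[k] is not None and post[k] is not None else None
        for k in scalar_keys
    }
    return {"pre": pre, "post": post, "delta": delta}


if __name__ == "__main__":
    import json
    print(json.dumps(compare(INCIDENTS), indent=2))
```

On the constructed records the post phase records one more incident than the pre phase while detection rate rises and MTTD, MTTR and median severity all fall, which is the pattern the abstract attributes to improved visibility. Undetected incidents are excluded from MTTD and MTTR by construction, so those two metrics must always be read next to the detection rate: a phase that detects only its easiest incidents can show a flattering MTTD.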

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright (c) 2026 Tech-Sphere Journal for Pure and Applied Sciences
