Evaluating the Effectiveness of Zero Trust Architecture in Modern Enterprises: Moderating Role of Organisational Maturity

Authors

  • Talha Sarfaraz Department of Marketing, College of Business Administration, Imam Abdulrahman Bin Faisal University, Dammam, Kingdom of Saudi Arabia

DOI:

https://doi.org/10.65080/dp4w1990

Keywords:

Zero trust architecture (ZTA), cybersecurity, organisational maturity, digital transformation, enterprise performance

Abstract

Aim: The study evaluated the performance of Zero Trust Architecture (ZTA) in modern enterprises, particularly focusing on organisational maturity as a moderator. As cyber threats evolve and perimeter security proves insufficient, organisations increasingly implement ZTA to protect their digital assets.

Methods: The study employed a quantitative method based on survey research and collected data from 380 experts involved in cybersecurity decision-making among UK companies. The data was analysed and tested for the relationships between organisational maturity, ZTA, and enterprise performance using Partial Least Squares Structural Equation Modelling (PLS-SEM).

Results: The findings revealed that ZTA (β = 0.388, p = 0.000) significantly and positively influenced enterprise performance, particularly in improving cybersecurity. Furthermore, organisational maturity (β = 0.123, p = 0.022) is a significant moderating factor, enhancing the positive relationship between ZTA adoption and improved performance.

Conclusion: It provides practical business implications by concluding that organisational maturity is necessary for maximum utilisation of ZTA's benefits. The findings also present valuable insights to decision-makers and cybersecurity experts who wish to maximise the use of ZTA and strengthen their cybersecurity position.

Downloads

Download data is not yet available.

References

Ahmad, W., Rasool, A., Javed, A. R., Baker, T., & Jalil, Z. (2021). Cyber security in iot-based cloud computing: A comprehensive survey. Electronics, 11(1), 16. https://doi.org/10.3390/electronics11010016

Ahmadi, S. (2024). Zero trust architecture in cloud networks: Application, challenges and future opportunities. Journal of Engineering Research and Reports, 26(2), 215-228. Available from: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4725283v

Aljohani, A. (2023). Zero-trust architecture: Implementing and evaluating security measures in modern enterprise networks. Shifra, 2023, 60-72. https://doi.org/10.70470/SHIFRA/2023/008

Amini, M., & Jahanbakhsh Javid, N. (2023). A multi-perspective framework established on diffusion of innovation (DOI) theory and technology, organization and environment (TOE) framework toward supply chain management system based on cloud computing technology for small and medium enterprises. Organization and Environment (TOE) Framework Toward Supply Chain Management System Based on Cloud Computing Technology for Small and Medium Enterprises (January 2023). International Journal of Information Technology and Innovation Adoption, 11, 1217-1234. Available from: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4340207

Awa, H. O., Ojiabo, O. U., & Orokor, L. E. (2017). Integrated technology-organization-environment (TOE) taxonomies for technology adoption. Journal of Enterprise Information Management, 30(6), 893-921. https://doi.org/10.1108/JEIM-03-2016-0079

Bashir, T. (2024). Zero Trust Architecture: Enhancing cybersecurity in enterprise networks. Journal of Computer Science and Technology Studies, 6(4), 54-59. https://doi.org/10.32996/jcsts

Batan, A. (2024). Investigating the Efficacy of Zero-Trust Security Models in Mitigating Insider Threats in Enterprise Environments. International Journal of Advanced Cybersecurity Systems, Technologies, and Applications, 8(12), 10-19. Available from: https://theaffine.com/index.php/IJACSTA/article/view/2

Bhaskaran, D. (2025). Zero Trust Architecture: Securing America's Critical Infrastructure. Available at SSRN 5145800. http://dx.doi.org/10.2139/ssrn.5145800

Brezavšček, A., & Baggia, A. (2025). recent trends in information and cyber security maturity assessment: A systematic literature review. Systems, 13(1), 52. https://doi.org/10.3390/systems13010052

Cheung, G. W., Cooper-Thomas, H. D., Lau, R. S., & Wang, L. C. (2024). Reporting reliability, convergent and discriminant validity with structural equation modeling: A review and best-practice recommendations. Asia pacific Journal of Management, 41(2), 745-783. https://doi.org/10.1007/s10490-023-09871-y

Fernandez, E. B., & Brazhuk, A. (2024). A critical analysis of Zero Trust Architecture (ZTA). Computer Standards & Interfaces, 89, 103832. https://doi.org/10.1016/j.csi.2024.103832

Ghaffari, F., & Arabsorkhi, A. (2018). A new adaptive cyber-security capability maturity model. In 2018 9th International Symposium on Telecommunications (IST) (pp. 298-304). IEEE. https://doi.org/10.1109/ISTEL.2018.8661018

Government of UK. (2024) Cyber security breaches survey 2024. Official Statistics Cyber security breaches survey 2024 (2024). GOV.UK. Available from: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024

Government of UK. (2023). Cyber security breaches survey 2023. GOV. UK, Mar, 30. Available from: https://ciso2ciso.com/wp-content/uploads/2023/11/Cyber-Security-Breaches-Survey-2023.pdf

Hair Jr, J. F., Matthews, L. M., Matthews, R. L., & Sarstedt, M. (2017). PLS-SEM or CB-SEM: updated guidelines on which method to use. International Journal of Multivariate Data Analysis, 1(2), 107-123. https://doi.org/10.1504/IJMDA.2017.087624

Hair, J. F., Risher, J. J., Sarstedt, M., & Ringle, C. M. (2019). When to use and how to report the results of PLS-SEM. European Business Review, 31(1), 2-24. https://doi.org/10.1108/EBR-11-2018-0203

Hasan, M. (2024). Enhancing Enterprise Security with Zero Trust Architecture. arXiv preprint arXiv:2410.18291. https://doi.org/10.48550/arXiv.2410.18291

Henseler, J., Ringle, C. M., & Sarstedt, M. (2015). A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43(1), 115-135. https://doi.org/10.1007/s11747-014-0403-8

Hoang, H. (2024). Navigating the digital landscape: an exploration of the relationship between technology-organization-environment factors and digital transformation adoption in SMEs. Sage Open, 14(4), 21582440241276198. https://doi.org/10.1177/21582440241276198

Igboko, U. A., & Temitope, O. A. (2025). Securing Public Health in The Digital Age: A Cybersecurity Case Study of Uk Local Council Health Services. http://doi.org/10.37502/IJSMR.2025.8503

Jimmy, F. (2021). Emerging threats: The latest cybersecurity risks and the role of artificial intelligence in enhancing cybersecurity defenses. Valley International Journal Digital Library, 1, 564-74. https://doi.org/10.18535/ijsrm/v9i2.ec01

Khan, K., Khurshid, A., & Cifuentes-Faura, J. (2024). Is artificial intelligence a new battleground for cybersecurity? Science Direct, Internet of Things, 28, 101428. https://doi.org/10.1016/j.iot.2024.101428

Khan, M. J. (2023). Zero trust architecture: Redefining network security paradigms in the digital age. World Journal of Advanced Research and Reviews, 19(3), 105-116. https://doi.org/10.30574/wjarr.2023.19.3.1785

Kotilingala, S. (2025). The non-human identity crisis: Managing machine identities in the modern enterprise. World Journal of Advanced Research and Reviews, 26(1), 944-954. https://doi.org/10.30574/wjarr.2025.26.1.1118

Liyanage, L., Arachchilage, N. A. G., & Russello, G. (2024). SoK: Identifying Limitations and Bridging Gaps of Cybersecurity Capability Maturity Models (CCMMs). arXiv preprint arXiv:2408.16140. https://arxiv.org/abs/2408.16140

Malik, S., Chadhar, M., Vatanasakdakul, S., & Chetty, M. (2021). Factors affecting the organizational adoption of blockchain technology: Extending the technology–organization–environment (TOE) framework in the Australian context. Sustainability, 13(16), 9404. https://doi.org/10.3390/su13169404

Mensah, F. (2024). Zero trust architecture: A comprehensive review of principles, implementation strategies, and future directions in enterprise cybersecurity. International Journal of Academic and Industrial Research Innovations (IJAIRI), 10, 339-346. ISSN: 2454-132X.

Mick, M. M. A. P., Kovaleski, J. L., Mick, R. L., & Chiroli, D. M. D. G. (2024). Developing a sustainable digital transformation roadmap for SMEs: Integrating digital maturity and strategic alignment. Sustainability, 16(20), 8745. https://doi.org/10.3390/su16208745

Mijwil, M., Unogwu, O. J., Filali, Y., Bala, I., & Al-Shahwani, H. (2023). Exploring the top five evolving threats in cybersecurity: An in-depth overview. Mesopotamian Journal of Cybersecurity, 57-63. https://doi.org/10.58496/MJCS/2023/010

Nasiruzzaman, M., Ali, M., Salam, I., & Miraz, M. H. (2025). The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation. In 2025 29th International Conference on Information Technology (IT) (pp. 1-8). IEEE. https://doi.org/10.1109/IT64745.2025.10930254

Omar, K. O., Zraqou, J., & Gómez, J. M. (2025). From Synthetic Text to Real Threats: Unraveling the Security Risks of Generative AI. In Examining Cybersecurity Risks Produced by Generative AI (pp. 1-20). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3373-0832-6.ch001

Onwuegbuzie, I. U., & Alabi, O. A. (2025). A Review of Authentication and Authorization Mechanisms in Zero Trust Architecture: Evolution and Efficiency. Tech-Sphere Journal for Pure and Applied Sciences, 2(1). https://doi.org/10.5281/zenodo.15149866

Paya, A., & Gómez, A. (2024). Securesdp: a novel software-defined perimeter implementation for enhanced network security and scalability. International Journal of Information Security, 23(4), 2793-2808. https://doi.org/10.1007/s10207-024-00863-7

Rönkkö, M., & Cho, E. (2022). An updated guideline for assessing discriminant validity. Organizational Research Methods, 25(1), 6-14. https://doi.org/10.1177/1094428120968614

Sholademi, D. B. (2024). Leveraging AI for detecting deep fakes and combating financial fraudulent identity schemes. International Journal of Research Publication and Reviews, 5(12), 4096-4111 December 2024. https://doi.org/10.55248/gengpi.5.1224.250131

Stafford, V. (2020). Zero trust architecture. NIST special publication, 800(207), 800-207. https://doi.org/10.3390/su141811213

Stamford, (2024). Gartner Survey Reveals 63% of Organizations Worldwide Have Implemented a Zero-Trust Strategy. Gartner. Available from: https://www.gartner.com/en/newsroom/press-releases/2024-04-22-gartner-survey-reveals-63-percent-of-organizations-worldwide-have-implemented-a-zero-trust-strategy

Sunkara, G. (2025). Implementing zero trust architecture in modern enterprise networks. SAMRIDDHI: A Journal of Physical Sciences, Engineering and Technology, 17(03), 1-11. https://doi.org/10.18090/samriddhi.v17i03.01

Syed, N. F., Shah, S. W., Shaghaghi, A., Anwar, A., Baig, Z., & Doss, R. (2022). Zero trust architecture (zta): A comprehensive survey. IEEE Access, 10, 57143-57179. https://doi.org/10.1109/ACCESS.2022.3174679

Yeoh, W., Liu, M., Shore, M., & Jiang, F. (2023). Zero trust cybersecurity: Critical success factors and A maturity assessment framework. Computers & Security, 133, 103412. https://doi.org/10.1016/j.cose.2023.103412

Zammani, M., Razali, R., & Singh, D. (2021). Organisational information security management maturity model. International Journal of Advanced Computer Science and Applications, 12(9). https://doi.org/10.14569/IJACSA.2021.0120974

Downloads

Published

2025-06-30

Issue

Vol. 1 No. 2 (2025): AJBMSS

Section

Articles

License

Copyright (c) 2025 Talha Sarfaraz (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Evaluating the Effectiveness of Zero Trust Architecture in Modern Enterprises: Moderating Role of Organisational Maturity. (2025). AJBMSS - Advance Journal of Business Management and Social Sciences, 1(2), 1-11. https://doi.org/10.65080/dp4w1990