Small-Medium Businesses (SMBs) are essential to global economies yet remain highly vulnerable to cyberattacks due to limited budgets, inadequate cybersecurity expertise, and underestimation of cyber risks. Their increasing reliance on digital infrastructures has expanded their attack surfaces, exposing them to sophisticated and evolving threats. Consequently, implementing proactive, adaptive security measures has become imperative. This research investigates the effectiveness of Zero Trust Architecture (ZTA) as a sustainable cybersecurity solution tailored to SMBs. While ZTA adoption has been examined broadly, the specific financial, organizational, and capability constraints of SMBs remain underexplored. This study develops an integrated predictive model to assess both the feasibility and risk-mitigation potential of ZTA implementation. The model consists of two sub-models. The first sub-model evaluates the probability of successful ZTA adoption considering implied barriers, and the second tests the effectiveness of ZTA in responding to prevalent cyberattacks. The integrated model predicts the risk level in the presence of ZTA and quantifies the uncertainty of the extent to which ZTA can enhance SMBs' cyber resilience, contributing novel insights for practitioners and stakeholders seeking to enhance compliance with policies, risk, and governance activities in SMBs.

翻译：中小型企业（SMBs）对全球经济至关重要，但由于预算有限、网络安全专业知识不足以及对网络风险的低估，它们仍然极易受到网络攻击。这些企业对数字基础设施日益增长的依赖扩大了其攻击面，使其面临复杂且不断演变的威胁。因此，实施主动、自适应的安全措施已变得势在必行。本研究探讨了零信任架构（ZTA）作为一种为中小型企业量身定制的可持续网络安全解决方案的有效性。虽然ZTA的采用已得到广泛研究，但针对中小型企业特有的财务、组织及能力约束的探讨仍显不足。本研究开发了一个集成预测模型，以评估ZTA实施的可行性和风险缓解潜力。该模型包含两个子模型。第一个子模型评估在考虑隐含障碍的情况下成功采用ZTA的概率，第二个子模型测试ZTA在应对普遍网络攻击方面的有效性。该集成模型预测了在部署ZTA情况下的风险水平，并量化了ZTA能在多大程度上增强中小型企业网络韧性的不确定性，为寻求提升中小型企业合规性、风险及治理活动水平的从业者和利益相关者提供了新的见解。