Lately, I’ve seen a few articles suggesting that we should rename Zero Trust because the term makes people uncomfortable. The argument? Business leaders hear Zero Trust and assume it means we don’t trust employees. Some have even proposed softer alternatives like ‘Verified Trust Framework’ or ‘Adaptive Assurance’: phrases that sound friendlier, but miss the point entirely.
Let’s clear something up right away: Zero Trust does not mean we don’t trust people. It means we don’t blindly trust the digital traffic moving through our networks. And yes, that distinction matters, a lot.
I’ve been in cybersecurity for two decades, and I’ve lost count of how many times someone has said, “Lieuwe Jan, the term Zero Trust sounds like we don’t trust our people, and that’s a problem.”
I get it. The phrase can feel counterintuitive, even harsh. After all, as CEOs, you build companies on trust: trust in your leadership team, your employees, your partners. The last thing you want is a security model that suggests you don’t believe in the people who make your business run.
It’s not about your people, it’s about packets
Here’s the key: Zero Trust isn’t about distrusting individuals. It’s about removing implicit trust from digital interactions: the movement of data, the access to systems, the flow of packets across networks.
Think about it like this: when someone walks into your office building, they have to swipe a badge or enter a passcode to get through the door. You trust your employees, but you still make them authenticate before granting access.
Why? Because you can’t just assume that everyone who steps into the lobby should have unrestricted entry to the entire building.
Zero Trust works the same way. Employees should absolutely have access to what they need to do their jobs, but not to everything, everywhere, all the time, without verification. That’s how attackers move laterally through networks. That’s how ransomware spreads. That’s how breaches happen.
Why Zero Trust actually protects your people
The irony is that Zero Trust actually reinforces trust in your people.
Imagine you’re a CFO, and you get an urgent email from your CEO asking you to wire $500,000 to a vendor immediately. You trust your CEO, right? But what if that email wasn’t actually from them? What if their account was compromised?
With Zero Trust in place, that request wouldn’t be blindly accepted. Instead, there would be safeguards (multi-factor authentication, identity verification, and behavioral analysis) to ensure that request was legitimate. None of that is about distrusting your CEO; it’s about protecting them (and the company) from fraud.
The same applies to your employees. If their credentials are stolen, Zero Trust prevents an attacker from using them to access sensitive systems undetected. It’s not a sign of mistrust; it’s a sign that you value their security as much as your own.
Trust is a leadership issue, not a security one
If an employee doesn’t feel trusted, that’s a leadership challenge, not a security failure. Trust is built through transparency, communication, and culture, not by giving people unlimited access to systems just because they work for you.
Zero Trust doesn’t mean treating employees like criminals. It means treating cybersecurity as a business enabler rather than a roadblock. It means making sure your employees can do their jobs securely, without the fear that one wrong click could lead to disaster.
Security that empowers instead of restricts
Some CEOs worry that Zero Trust slows things down. The reality? It’s the opposite. When employees can work in a secure-by-default environment, they can move faster, take more risks (the good kind), and innovate without the fear of causing a security breach. It creates confidence, not hesitation.
So let’s put this myth to bed once and for all: Zero Trust is not about distrusting people. It’s about ensuring that trust, in a digital world, is always earned, verified, and protected.
And that’s exactly what every CEO wants: for their people, their business, and their future.
