Your company pays a cybersecurity tax. You don’t see it on the balance sheet as a line item, but it’s there, built into insurance premiums that climb 15-25% annually, hardware refresh cycles every three years, per-user licensing fees that scale with every new hire, and the small army of IT staff managing incompatible VPN systems across departments.
Then there’s the big one: the $4.4 million average cost of a breach. Business disruption and post-breach customer support drive the biggest spikes, while reputational damage averages $1.47 million, before factoring in the years it takes to rebuild customer trust. Of course, there are also headline-grabbing breaches that cost companies hundreds of millions in damages and fines. Some of the largest incidents have exceeded a billion dollars.
But here’s what changed in 2025: companies bypassing VPNs with software-defined mesh networks have figured out how to stop paying it. When Cloudflare went down in June, and most of the internet went with it, organizations running decentralized architectures kept running. Not because they got lucky, but because they’d eliminated the single point of failure that creates the tax in the first place.
According to Cybersecurity Insiders’ 2025 VPN Exposure Report, 48% of companies still on VPNs have already paid the breach tax. Meanwhile, the alternative infrastructure is gaining traction. ZeroTier, one of the platforms leading this shift, closed 2024 with 5,000 paid accounts and now supports over 2.5 million connected devices across 230 countries. The company’s double-digit, quarter-over-quarter revenue growth signals that enterprises are voting with their wallets.
The result for companies making the switch? A competitive advantage that shows up in unit economics. They’re not just getting better security; they’re underpricing competitors who still carry the tax.
Where The Tax Comes From
Legacy VPNs were designed in the late 1990s for ten employees dialing in from home. Today, employees work from three continents, data lives across AWS and Azure, and contractors log in from everywhere. VPNs still create one bridge into your entire network, one that costs you in three ways:
First, the operational overhead. Multiple VPN products are running because different departments bought different solutions. Hardware that needs replacing every three years. Per-user licenses that scale with headcount. IT teams spend half their time managing access instead of building product.
Second, the insurance burden. Companies running legacy VPNs are seeing 15-25% premium increases because actuaries can read breach statistics. The pattern is clear: Colonial Pipeline (gas shortages across the Eastern U.S.), Collins Aerospace (airport systems breached), repeated attacks on Palo Alto Networks equipment by state actors. Last month, South Lyon Community Schools closed for three days after phones and emergency notifications went down.
Third, the breach lottery. Cybersecurity Insiders found 48% of organizations have already paid out. When it hits, cyber incidents halt payroll and wire approvals, spike cart abandonment, knock out call centers, and trigger SLA penalties, overtime costs, and SEC disclosures. One weak link (an unpatched gateway, a phished credential) and you’re explaining to the board why operations are frozen.
How The Architecture Shift Works
The companies eliminating the tax are using software-defined mesh networks that work fundamentally differently than VPNs. Instead of routing all traffic through a central gateway, these systems create direct, encrypted peer-to-peer connections between devices.
ZeroTier’s platform is representative of this new architecture. You install a lightweight agent on each device: laptops, servers, IoT sensors. Each gets a unique cryptographic ID. Then devices connect directly to each other with end-to-end encryption. The controller handles authentication, but your actual data flows directly between devices, not through a chokepoint.
“With Internet-connected devices outnumbering humans by a factor of three, the need for secure connectivity is skyrocketing,” says Andrew Gault, CEO of ZeroTier and former CTO who co-founded GAIKAI (sold to Sony for $380 million). “But most enterprises are paying a massive tax to legacy architectures that create more problems than they solve.”
When Cloudflare’s infrastructure failed in June, organizations running these mesh architectures stayed online, with no central point of failure. When credentials get compromised, damage stays contained: each device only accesses what it specifically needs. When companies need to scale, new locations come online through software configuration in minutes, not hardware procurement cycles.
The Competitive Wedge
The financial implications compound for companies making this shift. Metropolis, which offers checkout-free parking payments, is scaling from thousands of devices to 100,000 within two years without buying new VPN hardware. The company uses ZeroTier’s platform to create secure peer-to-peer connections. Forest Rock, a large software and technology company with a significant footprint in building controls and IoT devices, also leverages ZeroTier’s platform in a similar way, allowing for highly scalable endpoint management into critical systems. Energy providers, online casino operators, and other industries concerned with scalable secure connections have followed suit.
These companies aren’t buying VPN concentrators every three years. They’re not paying per-user licenses that scale with headcount. They’re not maintaining multiple incompatible systems. New employees are provisioned in minutes through software.
Insurance underwriters are responding: companies using zero-trust mesh networks are getting better rates because the breach data proves the attack surface is fundamentally smaller.
The Timeline Question
Here’s where it gets interesting for anyone thinking about competitive dynamics: companies that eliminate the cybersecurity tax can reinvest those savings into price, product, or margin. They can undercut competitors still paying 15-25% insurance premium increases. They can scale faster because adding users doesn’t mean adding licensing costs. They can move quicker because they’re not managing procurement cycles.
If Cloudflare, with virtually unlimited resources and some of the world’s best engineers, can be knocked offline by a single failure point, what happens to your multi-VPN patchwork? More importantly, what happens when your competitor stops paying the tax and you don’t?
Modern attackers will always find the weakest link. The attack surface is growing. The tools available to adversaries are more sophisticated, especially with the support of AI. And the cybersecurity tax keeps climbing.
The question isn’t whether this architectural shift happens. It’s whether your company makes the transition before your competitor uses their cost advantage to eat your lunch, or before a breach forces your hand and you’re explaining to investors why you’re the next headline about avoidable losses.