Omdia Survey Captures Microsegmentation Gap: Security Teams Know What They Need and Still Aren't Getting It Done

There's an all-too-common frustration that shows up in enterprise security survey results when the gap between a security team’s intentions and its execution leaves an opening for attackers to succeed. A new Omdia survey, commissioned by Elisity and conducted among 352 U.S. cybersecurity decision-makers in healthcare and manufacturing, makes that frustration clear.

Ninety-nine percent of survey respondents say they're implementing or planning microsegmentation; however, only 9% have actually segmented more than 80% of their critical systems. Yet, nearly one in two security leaders experienced a lateral movement attack in the past year. The say-do gap here isn't a rounding error; it's a structural challenge.

"Many of these organizations are typically operationally very under-resourced," James Winebrenner, CEO at Elisity, told CYBR.SEC.Media. "So any time there's adding additional complexity, such as with legacy VLAN firewall type approaches, or trying to keep track of ACLs, they just don't have the staff operationally necessary to be able to do it at scale," he says.

The survey data clearly points to such legacy architecture as the primary culprit. Most organizations are still relying on VLANs, ACLs, and host-based firewalls — approaches designed for a different era of network architecture, one without the dense mix of managed laptops, unmanaged IoT, operational technology, and connected medical devices that define today's environments. In manufacturing, ACLs are the most common segmentation method at 61%. In healthcare, VLANs lead at 60%. These aren't microsegmentation. 

"Legacy technologies just aren’t able to meet the requirements of those environments; it's just incredibly manual and slow, and it's not actually getting organizations to a point where they are successful," Hollie Hennessy, OT/IoT cybersecurity lead, cybersecurity at Omdia, told CYBR.SEC.Media.

Poor segmentation has consequences 

The consequences of that exposure are not abstract. Manufacturing respondents described lateral movement incidents that halted production lines, corrupted ICS and SCADA systems, and hijacked industrial robots. Healthcare respondents reported compromised ventilators, altered dosage records, locked-down emergency departments, and ransomware targeting blood bank systems. What were once theoretical attack scenarios are now happening to organizations.

Despite these dangers, only 22% of respondents have hands-on experience with modern microsegmentation tools. That number drops to 18% in healthcare. 

That awareness gap matters because it shapes how security leaders evaluate the challenge. If the framing is that microsegmentation is still built around first-generation, agent-based models that require years of deployment, constant rework, and cannot cover IoT or OT devices, they will underestimate the capabilities of modern toolsets. Sixty-two percent of respondents say today's toolsets are easier to deploy than those from five years ago. Most are still running the old methods anyway.

The vertical-specific data shows that the challenges diverge between industries. Healthcare security leaders rank SIEM, EDR, and SOAR integration as their top challenge with previous microsegmentation efforts. That makes sense given how tightly clinical environments depend on interoperability across security tooling. Visiting clinicians and clinical staff top the list of user types requiring special segmentation attention, at 74% and 72%, respectively. These are users who connect with unmanaged or semi-managed devices, move between facilities, and access systems ranging from EHR platforms to connected patient monitoring equipment. Legacy policy enforcement built around network location can't adequately handle that reality.

Manufacturing's challenge is different. Remote engineers are the top segmentation priority at 70%, followed by manufacturing operators at 58%. Also, SCADA systems often can't tolerate endpoint agents, downtime, or configuration changes. Therefore, any segmentation that requires touching those systems is a non-starter for most plant environments. "You can't change the IP address on an MRI machine. They don't use DHCP. You're having to call GE or Philips to dispatch a tech to come out and make an addressing change," Winebrenner says.

The survey describes an inflection point that has been approaching for years. Microsegmentation ranks first among planned zero trust initiatives but sits near the bottom at 24% among those actually deployed. Cyber insurance requirements are pushing 32% of respondents toward action. Changes to the HIPAA Security Rule are adding explicit segmentation requirements. Regulatory pressure, insurance pressure, and the ongoing reality of lateral movement attacks are all converging.

Hennessy explains that segmentation and microsegmentation for the OT/IoT market is an emerging product category and also one of the fastest-growing, with a compound annual growth rate of 18.8%.

The question for security leaders is whether the tools and architectures they're counting on to close this gap are capable of doing so, or whether they're running on outdated assumptions.
