New global research from CyberEdge Group reveals a significant gap between organizations’ ability to detect attacks and their ability to contain them, leaving businesses exposed when speed matters most. The findings also show that while 95% of organizations say they can detect unauthorized lateral movement, 46% admit they struggle to stop it.
The insights highlight a dangerous disconnect between detection confidence and containment reality, with most organizations still unable to isolate compromised systems fast enough to prevent escalation.
Key global findings include:
- Hidden attack paths persist despite confidence in visibility: 68% of organizations say they only discover previously unknown communication paths weekly or less often, leaving potential attack routes undetected and exploitable.
- Cloud blind spots are the weakest link: Organizations report cloud-to-data center and multi-cloud paths as their weakest visibility, making it harder to spot lateral movement across dynamic infrastructure.
- Containment delays increase exposure: Only 17% of organizations can isolate a compromised workload in near real-time. More than half (51%) still take hours, days, or even weeks, increasing the likelihood of business disruption, data loss, or extortion.
“Containment delayed is containment lost,” says Steve Piper, Founder and CEO at CyberEdge Group. “Only a small minority of organizations can isolate compromised workloads in near real time, while more than half are operating on a scale of hours or days. That delay creates a critical window where attackers can move laterally, escalate privileges, and significantly increase the impact of a breach.”
AI-driven attacks surpass ransomware as a top cyber threat
The study also finds that AI-driven attacks — including deepfake impersonation — now rank among the top three cyber threats, cited by 55% of respondents. Data and intellectual property theft is the most cited concern (57%), followed by targeted attacks designed to disrupt critical services (56%). Ransomware and extortion rank fourth at 53%.
Despite this shift, organizations believe their greatest sources of cyber risk stem from gaps in fundamental controls, not emerging technologies. When asked which risks concern them most, respondents cite IT vulnerabilities (66%), followed by employee error or misconduct (50%), and the lack of integration between IT and OT environments (50%). By contrast, only 19% cite unapproved or unmanaged use of large language models (LLMs) as a major risk.
Organizations see value in microsegmentation, but execution lags behind intent
To reduce risk and close the containment gap, organizations are increasingly turning to microsegmentation, citing faster detection and response (50%), stronger breach containment (47%), and greater visibility (46%) as the primary benefits.
However, the study shows that many organizations are not practicing modern microsegmentation. The majority (68%) are using network-based firewalls or appliances, which struggle to scale consistently across modern, hybrid environments. As a result, many encounter barriers to implementation, with cost (41%), limited visibility into network and application dependencies (39%), and integration challenges (38%) continuing to hinder deployment.
Raghu Nandakumara, Vice President of Industry Strategy at Illumio, adds: “Most organizations can spot an intrusion, but stopping it is a different story. AI is making attacks harder to interpret and contain, which means even small footholds can escalate fast. Microsegmentation is one of the few controls that enhances visibility and limits how far an intruder can move, but only when it’s precise, scalable, and consistently applied.”
