Global Study Exposes Critical Gap Between Cyberattack Detection and Containment

95% are confident they can detect attacks, but nearly half struggle to stop them as AI-driven threats accelerate

Dubai, UAE – March , 2026 — New global research from CyberEdge Group reveals a significant gap between organizations’ ability to detect attacks and their ability to contain them, leaving businesses exposed when speed matters most. 

The study, commissioned by Illumio Inc., surveyed 700 IT and security leaders across North America, Europe, Asia-Pacific, and Latin America. Findings reveal that while 95% of organizations say they can detect unauthorized lateral movement, 46% admit they struggle to stop it. 

The insights highlight a dangerous disconnect between detection confidence and containment reality, with most organizations still unable to isolate compromised systems fast enough to prevent escalation.

Key global findings include:

  • Hidden attack paths persist despite confidence in visibility: 68% of organizations say they only discover previously unknown communication paths weekly or less often, leaving potential attack routes undetected and exploitable.
  • Cloud blind spots are the weakest link: Organizations report cloud-to-data center and multi-cloud paths as their weakest visibility, making it harder to spot lateral movement across dynamic infrastructure.
  • Containment delays increase exposure: Only 17% of organizations can isolate a compromised workload in near real-time. More than half (51%) still take hours, days, or even weeks, increasing the likelihood of business disruption, data loss, or extortion.

“Containment delayed is containment lost,” says Steve Piper, Founder and CEO at CyberEdge Group. “Only a small minority of organizations can isolate compromised workloads in near real time, while more than half are operating on a scale of hours or days. That delay creates a critical window where attackers can move laterally, escalate privileges, and significantly increase the impact of a breach.”

AI-driven attacks surpass ransomware as a top cyber threat

The study also finds that AI-driven attacks — including deepfake impersonation — now rank among the top three cyber threats, cited by 55% of respondents. Data and intellectual property theft is the most cited concern (57%), followed by targeted attacks designed to disrupt critical services (56%). Ransomware and extortion rank fourth at 53%.

Despite this shift, organizations believe their greatest sources of cyber risk stem from gaps in fundamental controls, not emerging technologies. When asked which risks concern them most, respondents cite IT vulnerabilities (66%), followed by employee error or misconduct (50%), and the lack of integration between IT and OT environments (50%). By contrast, only 19% cite unapproved or unmanaged use of large language models (LLMs) as a major risk.

Organizations see value in microsegmentation, but execution lags behind intent

To reduce risk and close the containment gap, organizations are increasingly turning to microsegmentation, citing faster detection and response (50%), stronger breach containment (47%), and greater visibility (46%) as the primary benefits.

However, the study shows that many organizations are not practicing modern microsegmentation. The majority (68%) are using network-based firewalls or appliances, which struggle to scale consistently across modern, hybrid environments. As a result, many encounter barriers to implementation, with cost (41%), limited visibility into network and application dependencies (39%), and integration challenges (38%) continuing to hinder deployment.

Raghu Nandakumara, Vice President of Industry Strategy at Illumio, adds: “Most organizations can spot an intrusion, but stopping it is a different story. AI is making attacks harder to interpret and contain, which means even small footholds can escalate fast. Microsegmentation is one of the few controls that enhances visibility and limits how far an intruder can move, but only when it’s precise, scalable, and consistently applied.”

Research Methodology:

The research was conducted by CyberEdge Group and surveyed 700 IT and security decision-makers across seven countries: the United States, United Kingdom, Germany, France, Japan, Australia, and Brazil. All organizations surveyed employed a minimum of 1,000 people, with a significant proportion representing enterprises of 10,000 or more. 

About Illumio:

Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by an AI security graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters.

Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running. 

About CyberEdge Group:

Founded in 2012, CyberEdge Group is the premier research, marketing, and publishing firm dedicated exclusively to serving the cybersecurity vendor community. As the producer of the distinguished Cyberthreat Defense Report (CDR) and numerous other award-winning research studies, CyberEdge has earned recognition from top-tier business and technology outlets, including The Wall Street Journal, Forbes, Fortune, USA Today, NBC News, ABC News, SC Media, Dark Reading, CISO Magazine, and Security Buzz.