New study of 352 healthcare and manufacturing security leaders finds 99% want microsegmentation deployed, yet only 9% have protected more than 80% of critical systems
SAN JOSE, Calif., April 28, 2026 /PRNewswire/ -- A new Omdia survey, commissioned by Elisity, finds that 99% of security leaders want microsegmentation deployed, yet over 90% have protected fewer than 80% of their critical systems. Nearly half experienced lateral movement attacks in the past year. Across 352 U.S. cybersecurity decision makers in healthcare and manufacturing, the data tells a consistent story: organizations want modern microsegmentation and aren't getting it done.
Organizations still lean on VLANs, ACLs, and agent-based tools that require constant rework and leave east-west exposure wide open. 68% are pursuing microsegmentation as part of a Zero Trust strategy, and 60% cite regulatory compliance as a driver. First-generation tools built around network location rather than identity have slowed real progress to a crawl.
Modern, identity-based microsegmentation works differently. Policy enforces directly on existing network switches, with no agents, no hardware changes, and no VLAN reconfiguration. Organizations can contain ransomware and lateral movement across IT, IoT, OT, and IoMT environments in weeks, not years.
"Microsegmentation has matured, but many organizations still carry the scars of earlier, complex approaches. What's changed is the architecture. Identity-based microsegmentation lets teams enforce precise policy on the switches they already run, so security becomes an enabler rather than a gate." - James Winebrenner, CEO, Elisity
"Our data shows the shift is on. Enterprises intend to deploy microsegmentation, and many now see modern solutions as easier and more effective." - Hollie Hennessy, Principal Analyst, Omdia
Healthcare organizations rank SIEM, EDR, and SOAR integration as their top challenge with previous microsegmentation efforts. Visiting clinicians (74%) and clinical staff (72%) require the most granular policy attention, given the mix of managed and unmanaged devices moving through clinical environments.
Manufacturing runs on zero-downtime requirements and legacy OT systems that make agent-based approaches a non-starter. Remote engineers top the segmentation priority list at 70%, and ICS and building management system integration ranks as the second most common challenge.
At 32%, cyber insurance ranks behind Zero Trust strategy (68%) and regulatory compliance (60%) as a motivator, but underwriters are tightening expectations year over year. Most renewal questionnaires still ask binary "do you have segmentation: yes or no" questions, which lets legacy VLAN architectures pass alongside modern identity-based controls. That gap masks real risk, because flat trust zones inside a VLAN don't stop a credentialed attacker from reaching adjacent systems.
Agent-based tools can't protect PLCs on a plant floor or medical devices on a clinical network. Those are precisely the assets ransomware operators target for maximum operational impact. Carriers are starting to ask more granular questions about what percentage of critical assets sit under active policy coverage, and whether unmanaged devices fall inside or outside that coverage.
"We looked into different NAC technologies, things like that to partially solve the picture, but it really wasn't until Elisity came along that we found a product that checked all the boxes. Something easy to manage, easy to maintain. You could get in it quickly." - Nathan Phoenix, Information Security Officer, Southern Illinois Healthcare
"We assumed someone's going to get in, we assumed someone's going to get access through malware or other means, and we wanted to know that we had a way to quickly, in an automated way, stop that lateral movement so that they couldn't move across through a plant or even between plants." - Max Everett, CISO, Shaw Industries
Coverage of the survey ran across leading industrial cybersecurity, cyber insurance, and security trade publications.
Industrial Cyber framed the survey as an execution-gap story rooted in legacy tooling, with prominent attention to the 44% device-visibility shortfall and to the Southern Illinois Healthcare and Shaw Industries customer testimonials. Industrial Cyber highlighted the contradiction that microsegmentation ranks first among planned Zero Trust initiatives yet sits at just 24% in current deployment. Read the Industrial Cyber coverage.
Cyber Insurance News reframed the survey as an underwriting problem, noting that binary insurance questionnaires can't distinguish legacy VLAN architectures from modern identity-based segmentation, and that agent-based tools cannot protect PLCs, medical devices, or industrial systems. Cyber Insurance News called out the 32% of respondents who already cite cyber insurance as a direct business driver. Read the Cyber Insurance News coverage.
CYBR.SEC.Media built its piece around the "say-do gap" language (99% versus 9%) and surfaced concrete operational consequences: production halts, hijacked industrial robots, compromised ventilators, altered dosage records, and ransomware against blood bank systems. Their coverage included Elisity CEO James Winebrenner's perspective on the resource constraints security teams face when extending segmentation across OT and clinical environments. Read the CYBR.SEC.Media coverage.
Download the complete Omdia survey analysis with full breakdowns by vertical, current deployment status, and 2026 priorities. Free, no email gating delays.
Get the ReportMost teams still rely on VLANs, ACLs, and agent-based tools designed around network location rather than asset identity. Those approaches require constant rework, don't extend cleanly to IoT, OT, and IoMT, and leave east-west exposure open between trust zones. Only 22% of respondents in the Omdia survey have hands-on experience with modern microsegmentation, so awareness, not just execution, is part of the gap.
Identity-based microsegmentation enforces policy by who or what an asset is (its identity attributes), rather than where it sits on the network. VLAN-based segmentation groups devices by network location, which creates flat trust zones inside each VLAN and slows reconfiguration whenever an asset moves. Identity-based controls apply directly on existing switches and follow the asset across the network, which is why 69% of survey respondents demand identity-based controls in any modern solution.
Microsegmentation enforces least-privilege rules between assets, so a compromised endpoint can only reach the specific systems its identity policy allows. When a credentialed attacker or ransomware payload tries to pivot east-west, those connections are blocked or alerted instead of permitted by default. With nearly 1 in 2 security leaders reporting a lateral movement attack in the past year, granular east-west policy is now the top initiative cited (57%) to contain that risk.
Many carriers don't yet require microsegmentation outright, but 32% of survey respondents already cite cyber insurance as a direct business driver. Most renewal questionnaires still ask binary "yes or no" segmentation questions, which lets legacy architectures pass. As underwriters refine their questions, expect more granular asks about what percentage of critical assets sit under active policy coverage and whether unmanaged devices are included.
OT systems and medical devices typically can't host agents, run unsupported operating systems, and operate under zero-downtime constraints. Industry analysis from firms like Dragos, Nozomi, Claroty, and Armis consistently shows that visibility into these unmanaged devices is the foundation for any segmentation effort. That's why 44% of survey respondents flag comprehensive device visibility as their most critical capability gap, and why agentless, identity-based enforcement on existing switches resonates with manufacturing and healthcare teams.
Omdia surveyed 352 U.S. cybersecurity decision makers (CISOs, security architects, and IT and network security leaders) across healthcare and manufacturing. All respondents work at organizations with 1,000 or more employees. Omdia conducted the survey in 2025, commissioned by Elisity.
Elisity is an identity-based microsegmentation company that helps enterprises stop lateral movement, prevent ransomware spread, and meet compliance and cyber insurance requirements across IT, OT, and IoT environments. The Elisity platform discovers every device on an organization's network, enforces least-privilege access policies through existing network infrastructure, and delivers full microsegmentation in weeks, without agents, additional hardware, or network re-architecture. Elisity is trusted by Fortune 500 healthcare systems, global manufacturers, and pharmaceutical companies including GSK, Main Line Health, Shaw Industries, and St. Luke's University Health Network. Founded in 2019, Elisity is headquartered in San Jose, California. Learn more at elisity.com.
Omdia is a global technology research firm with more than 400 analysts covering 150 markets. Born from the research divisions of Informa TechTarget and the IHS Markit technology portfolio, Omdia publishes over 3,000 research reports annually and serves more than 14,000 subscribers. Learn more at omdia.com.
Media Contact: Danielle Ostrovsky Hi-Touch PR Ostrovsky@Hi-TouchPR.com