Why Akamai?
Akamai Guardicore Segmentation helps organizations contain ransomware faster, reduce insurance costs, and simplify compliance. By addressing internal barriers to mature microsegmentation adoption, and progressing from intent to execution, North American enterprises can strengthen resilience in a high-stakes environment.
Introduction
Broad segmentation adoption masks the North American maturity gap
North American enterprises have embraced segmentation at scale. Ninety percent of organizations in the region now deploy some form of it, a figure mirroring the global average. Yet beneath this broad adoption lies a clear weakness in maturity. Only a third of North American organizations have progressed to microsegmentation, a level of discipline essential for containing fast-moving threats. This shallow maturity is becoming one of the region’s defining cybersecurity challenges.
Further-advanced organizations are already seeing the benefits. Those with microsegmentation report that ransomware containment improved by 21.4%, a meaningful reduction in both spread and recovery time. Even so, most enterprises continue to fall short of their own targets for response and containment. The evidence shows that a more mature approach could help maximize this benefit.
Financial incentives are also in play. Three-quarters of North American firms hold cyber insurance, but maturity is increasingly a differentiator. A growing share of insurers now require segmentation for coverage or view it positively in claims assessments. Enterprises that fail to move beyond adoption risk losing out on both resilience and financial advantages as this trend strengthens.
Maturity is stalling despite widespread segmentation
Adoption reaches 90%, but few firms advance to microsegmentation
Segmentation has become a near-universal control in North America. Ninety percent of enterprises in the region report using some form of segmentation, confirming that the technology is now a baseline safeguard, rather than an emerging practice. The challenge is that most deployments remain shallow. Only 33% of enterprises have advanced to microsegmentation, which allows far more precise isolation of assets and workloads. By contrast, many organizations continue to operate at the “managed” or “monitored” stage of maturity, limiting their ability to contain attacks effectively.
This maturity gap is more than a technical issue. Without deeper segmentation, organizations leave critical systems more exposed to lateral movement, ransomware propagation, and insider threats.
North American firms set clear goals but struggle to deliver results
When asked why they deploy segmentation, North American enterprises cite clear priorities. The top objectives are:
- Isolation of high-risk assets
- Ransomware containment
- Insider threat mitigation
These goals reflect an understanding that segmentation plays a central role in protecting core systems and maintaining operational continuity.
Other objectives rank much lower. Audit readiness and simplified policy environments are among the least cited goals, aligning with global findings that these benefits remain secondary. What is more concerning is the weak emphasis on Zero Trust. Fewer North American firms list Zero Trust as a driver, even though, globally, it ranks higher as organizations connect segmentation directly to resilience.
Outcomes tell a similar story. Despite making ransomware containment a leading objective, fewer than 70% of enterprises in North America report success in meeting this goal. The intent is clear, but execution falls short, leaving firms with unfulfilled objectives and unrealized resilience gains.
Narrow coverage and weak management undermine resilience
Limited asset coverage leaves gaps
Even where segmentation is in place, many North American enterprises are failing to extend it widely enough to deliver full resilience. On average, firms in the region protect four asset types, but only 30% extend segmentation across more than two business areas. This leaves critical systems and functions exposed to lateral movement and attack.
The data shows a clear payoff when organizations broaden coverage. Enterprises that segment four or more asset types report much greater confidence in their ability to contain ransomware. Broader coverage improves visibility, strengthens containment, and makes it harder for attackers to exploit weak points.
Yet, IoT devices remain the least protected class in North America, despite their rapid proliferation. As connected devices multiply across industries, from manufacturing to healthcare, limited segmentation around IoT creates a fast-growing vulnerability.
Policy discipline and management tools lag
Managing segmentation effectively requires regular policy updates and consistent use of advanced tools. In North America, more than 60% of enterprises rely on SIEM to manage segmentation, confirming it is the dominant baseline tool. Yet this reliance alone is not enough to support advanced maturity.
Only a third of organizations in the region update segmentation policies continuously. Without regular updates, policies quickly become outdated as IT environments shift. This lack of discipline undermines segmentation effectiveness and slows progress toward microsegmentation.
Centralized management platforms also remain limited in North America. Without them, enterprises struggle to streamline processes, enforce consistency, and advance policy discipline across diverse systems and environments.
Segmentation is becoming a financial and compliance lever
Insurance and compliance benefits emerge with maturity
Segmentation in North America is no longer only a technical safeguard. It is increasingly tied to financial outcomes, particularly through cyber insurance.
- 75% of enterprises in the region hold cybersecurity insurance
- Within this group, 30% report that segmentation is now a formal requirement for coverage
- 62% say it is viewed positively by insurers when assessing claims
Enterprises with advanced segmentation report reduced premiums and stronger confidence in claim approvals. Maturity also helps to simplify compliance, with most North American firms stating that segmentation makes regulatory obligations easier to meet. These benefits extend beyond technical resilience to shape financial and compliance readiness.
However, enterprises that remain at early stages risk losing out. Insurers and regulators are steadily strengthening their expectations, linking maturity to both costs and compliance outcomes. Without progress into more advanced stages, North American firms may struggle to capture the full value of their segmentation investments.
Cost, complexity, and resistance slow progress
Despite the clear benefits, many enterprises struggle to achieve microsegmentation. The leading barriers are:
- Network complexity
- High implementation costs
- Internal resistance
These challenges weigh especially heavily on organizations with larger and older IT estates, where legacy infrastructure adds both expense and operational risk to segmentation initiatives.
Operational disruption is another factor, though it is a lesser concern in North America than in some other regions. Even so, hesitation to make changes that might affect core services slows momentum and reinforces a culture of caution.
The combination of entrenched infrastructure and cultural resistance amplifies both cost and complexity. Many enterprises remain stuck at the planning or early execution stages, unable to translate intent into progress. Overcoming these barriers is critical if North American organizations are to advance beyond adoption and unlock the financial, compliance, and resilience benefits already within reach.
Threat exposure underscores the containment advantage
Ransomware remains a global constant. Nearly 80% of organizations worldwide reported at least one ransomware attack in the past 24 months. North America recorded the lowest incidence rate, while EMEA reported the highest.
What matters most is how enterprises respond when attacks occur. In North America, organizations with microsegmentation in place reduced ransomware containment time by 21.4%, closely aligned with the global average of 21%. In contrast, the impact in APJ was negligible, highlighting the regional variability of containment outcomes.
When attacks do occur in North America, microsegmentation proves critical in reducing their spread and impact.
North America at a turning point
Segmentation adoption is nearly universal worldwide, with about 90% of enterprises deploying some form of it, yet only one-in-three have advanced to microsegmentation. North America reflects this global maturity gap and falls further behind some regions, such as APJ, that are advancing faster with deeper practices and stronger management.
Half of North American enterprises without microsegmentation plan to adopt it within the next 24 months, and two-thirds of current adopters expect budget increases. But intent alone is not enough. Addressing internal barriers to mature microsegmentation adoption will be critical if enterprises are to capture the resilience, insurance, and compliance benefits already within reach.
Read the full report and discover the global state of microsegmentation.
