The business case for microsegmentation: Lower insurance costs, 33% faster ransomware response

Network segmentation has been a security best practice for decades, yet for many reasons, not all network deployments have fully embraced the approach of microsegmentation. With ransomware attacks becoming increasingly sophisticated and cyber insurance underwriters paying closer attention to network architecture, microsegmentation is transitioning from nice to have to business imperative.

New research from Akamai examines how organizations are approaching microsegmentation adoption, implementation challenges, and the tangible benefits they’re seeing. The data reveals a significant gap between awareness and execution, but it also shows clear financial and operational incentives for network teams willing to make the transition. Key findings from Akamai’s Segmentation Impact Study, which surveyed 1,200 security and technology leaders worldwide, include:

• Only 35% of organizations have implemented microsegmentation across their network environment despite 90% having adopted some form of segmentation.
• Organizations with more than $1 billion in revenue saw ransomware containment time reduced by 33% after implementing microsegmentation.
• 60% of surveyed organizations received lower insurance premiums tied to segmentation maturity.
• 75% of insurers now assess segmentation posture during underwriting.
• Network complexity (44%), visibility gaps (39%) and operational resistance (32%) remain the primary barriers to adoption.
• Half of non-adopters plan to implement microsegmentation within two years, while 68% of current users expect to increase investment.

“I believe the biggest surprise in the data was the effectiveness of microsegmentation when used as a tool for containing breaches,” Garrett Weber, field CTO for enterprise security at Akamai, told Network World. “We often think of segmentation as a set-it-and-forget-it solution, but with microsegmentation bringing the control points to the workloads themselves, it offers organizations the ability to quickly contain breaches.”

Why traditional segmentation falls short

Microsegmentation applies security policies at the individual workload or application level rather than at the network perimeter or between large network zones.

Weber challenged network admins who feel their current north-south segmentation is adequate. “I would challenge them to really try and assess and understand the attacker’s ability to move laterally within the segments they’ve created,” he said. “Without question they will find a path from a vulnerable web server, IoT device or endpoint that can allow an attacker to move laterally and access sensitive information within the environment.”

The data supports this assessment. Organizations implementing microsegmentation reported multiple benefits beyond ransomware containment. These include protecting critical assets (74%), responding faster to incidents (56%) and safeguarding against internal threats (57%).

Myths and misconceptions about microsegmentation

The report detailed a number of reasons why organizations have not properly deployed microsegmentation. Network complexity topped the list of implementation barriers at 44%, but Weber questioned the legitimacy of that barrier.

“Many organizations believe their network is too complex for microsegmentation, but once we dive into their infrastructure and how applications are developed and deployed, we typically see that microsegmentation solutions are a better fit for complex networks than traditional segmentation approaches,” Weber said. “There is usually a misconception that microsegmentation solutions are reliant on a virtualization platform or cannot support a variety of cloud or kubernetes deployments, but modern microsegmentation solutions are built for simplifying network segmentation within complex environments.”

Another common misconception is that implementing microsegmentation solutions will impact performance of applications and potentially create outages from poor policy creation. “Modern microsegmentation solutions are designed to minimize performance impacts and provide the proper workflows and user experiences to safely implement security policies at scale,” Weber said.

Insurance benefits create business case

Cyber insurance has emerged as an unexpected driver for microsegmentation adoption. The report states that 85% of organizations using microsegmentation find audit reporting easier. Of those, 33% reported reduced costs associated with attestation and assurance. More significantly, 74% believe stronger segmentation increases the likelihood of insurance claim approval.

For network teams struggling to justify the investment to leadership, the insurance angle can provide concrete financial benefits: 60% of surveyed organizations said they received premium reductions as a result of improved segmentation posture.

Beyond insurance savings and faster ransomware response, Weber recommends network admins track several operational performance indicators to demonstrate ongoing value.

Attack surface reduction of critical applications or environments can provide a clear security posture metric. Teams should also monitor commonly abused ports and services like SSH and Remote Desktop. The goal is tracking how much of that traffic is being analyzed and controlled by policy.

For organizations integrating microsegmentation into SOC playbooks, time to breach identification and containment can offer a direct measure of incident response improvement.

AI can help ease adoption

Since it’s 2025, no conversation about any technology can be complete without mention of AI. For its part, Akamai is investing in AI to help improve the user experience with microsegmentation. 

Weber outlined three specific areas where AI is improving the microsegmentation experience. First, AI can automatically identify and tag workloads. It does this by analyzing traffic patterns, running processes and other data points. This eliminates manual classification work.

Second, AI assists in recommending security policies faster and with more granularity than most network admins and application owners can achieve manually. This capability is helping organizations implement policies at scale.

Third, natural language processing through AI assistants helps users mine and understand the significant amount of data microsegmentation solutions collect. This works regardless of their experience level with the platform.

Implementation guidance

According to the survey, 50% of non-adopters plan to implement microsegmentation within the next 24 months. For those looking to implement microsegmentation effectively, the report outlines four key steps :

• Achieve deep, continuous visibility: Map workloads, applications and traffic patterns in real time to surface dependencies and risks before designing policies
• Design policies at the workload level: Apply fine-grained controls that limit lateral movement and enforce zero-trust principles across hybrid and cloud environments
• Simplify deployment with scalable architecture: Adopt solutions that embed segmentation into existing infrastructure without requiring a full network redesign
• Strengthen governance and automation: Align segmentation with security operations and compliance goals, using automation to sustain enforcement and accelerate maturity