TL;DR: Omdia’s 2025 survey found that 99% of organisations are implementing or planning microsegmentation, but only 9% have protected more than 80% of critical systems, while 69% of industrial ransomware incidents in 2024 targeted manufacturing, according to Dragos. The execution gap, not the strategy gap, is now the decisive risk variable for manufacturing security teams.
NHIMG editorial — based on content published by Elisity: Microsegmentation in Manufacturing, based on Omdia survey findings on ransomware and lateral movement
By the numbers:
- 99% are implementing or planning microsegmentation, but only 9% have more than 80% of critical systems protected.
- 69% of all industrial ransomware incidents in 2024 targeted manufacturing entities, with 75% resulting in partial or full operational shutdowns.
- Nearly half of manufacturing organizations experienced a lateral movement attack in the past 12 months.
Questions worth separating out
Q: What breaks when manufacturing networks rely on VLANs for segmentation?
A: VLANs create broad trust zones, so once an attacker enters a segment, they can often move laterally to other reachable devices inside the same zone.
Q: Why do industrial environments need identity-based microsegmentation?
A: Industrial environments need identity-based microsegmentation because IP addresses and subnets do not capture who is connecting, what device is connecting, or what that device is allowed to reach.
Q: How do security teams know if microsegmentation is actually working?
A: Look for evidence that critical systems are protected, not just that policies exist.
Practitioner guidance
- Inventory reachable trust zones across OT and IT paths Identify where VLANs, ACLs, vendor tunnels, and remote engineer access still allow broad east-west movement.
- Define policies using identity and approved flows Use device identity, user role, and application-specific communication patterns to express policy.
- Roll out enforcement in phases with simulation first Start with discovery and passive mapping, then simulate rules before enforcement.
What's in the full report
Elisity's full article covers the operational detail this post intentionally leaves for the source:
- The full Omdia survey breakdown by manufacturing and healthcare, including deployment maturity and feature priorities.
- The detailed comparison of legacy segmentation methods against identity-based microsegmentation in OT environments.
- The operational change-control data behind the deployment slowdown, including time spent on policy creation and troubleshooting.
- The survey's breakdown of user types, device classes, and integration priorities for production environments.
👉 Read Elisity's analysis of the Omdia microsegmentation survey for manufacturing →
Microsegmentation in manufacturing - are controls keeping up?
Explore further
Microsegmentation in manufacturing is now an identity governance problem, not just a network design issue. The article shows that manufacturers are not short on awareness, but on enforceable trust boundaries that can distinguish one user, device, or workload from another. As environments mix OT assets, vendor access, and remote engineering sessions, identity context becomes the only practical way to express least privilege at runtime. Practitioners should treat segmentation policy as an access governance control, not a routing exercise.
A question worth separating out:
Q: Who is accountable when microsegmentation gaps contribute to ransomware impact?
A: Accountability usually sits across OT security, network engineering, and IAM or PAM teams, because segmentation failures often reflect shared governance gaps. The control spans asset visibility, access policy, and operational change management, so ownership must be explicit. Frameworks such as NIST CSF and IEC 62443 help assign duties more clearly.
👉 Read our full editorial: Microsegmentation in manufacturing: the lateral movement gap persists