90 percent of organizations face attacks involving lateral movement
A new report from Illumio, based on a survey of over 1,100 IT and cybersecurity decision makers, finds that almost 90 percent of leaders have detected a security incident involving lateral movement within the past 12 months.
Each incident involving lateral movement resulted in a global average of over seven hours of downtime. Alert fatigue, along with limited and fragmented visibility, especially across hybrid environments, are two of the top challenges to detecting lateral movement.
Although 83 percent of organizations surveyed deploy multiple cloud detection and response (CDR) tools, nearly all (92 percent) report challenges with their current capabilities. Top issues include alert fatigue and lack of context, highlighting the need for more effective, context-rich CDR solutions.
There are other problem areas too: 80 percent of cybersecurity leaders say they monitor hybrid communications, and 77 percent monitor east-west traffic, yet 40 percent of that traffic lacks enough context to be useful. Fragmented visibility contributes to nearly half of lateral movement incidents going undetected.
Alert fatigue is also overwhelming: 67 percent of security teams (79 percent in the US) say they receive more alerts than they can effectively investigate, with teams receiving an average of over two thousand alerts per day, the equivalent of one alert every 42 seconds. It’s not too surprising, then, that 92 percent of organizations have experienced security incidents due to missed or uninvestigated alerts. On average, it takes 12.1 hours to detect an issue caused by a missed alert.
Security teams spend an average of 14.1 hours per week chasing false positives due to a lack of useful and valuable visibility, tool sprawl, and outdated detection. 73 percent of leaders say this impacts their ability to focus on real threats.
“In today’s dynamic threat environment, real-time visibility isn’t a feature; it’s a requirement,” says Andrew Rubin, CEO and founder of Illumio. “In the hybrid mesh, leveraging the AI-driven network security graph and focusing on breach containment is the only strategy that scales. AI-powered observability must do more than detect; it must find threats quickly and stop them from spreading immediately.”
Nearly 80 percent of respondents believe AI/ML will play a critical role in identifying lateral movement faster and reducing alert fatigue. Top security priorities for 2026 include increasing AI/ML-driven capabilities (34 percent), improving cloud detection and response (34 percent), reducing mean time to detect/respond (33 percent), and automating threat triage and investigation (31 percent).
The full report is available from the Illumio site.
Image credit: BeeBright/Depositphotos.com