
In previous blogs, I’ve discussed why segmentation matters, the challenges of getting it right, and the benefits that organizations see when they fully commit to both macro- and micro-segmentation. Today, I want to flip the question around. Instead of asking what happens when segmentation succeeds, let’s ask: why do so many segmentation projects fail?

That question is the focus of the newly released Cisco 2026 Segmentation Report, which draws on a survey of 400 failed segmentation projects at U.S.-based organizations with 500 or more employees. The findings are illuminating—and occasionally surprising.

When we evaluated each failed project against twelve factors spanning general IT project management and segmentation-specific challenges, four distinct failure patterns emerged:

  1. Perfect Storm (50%). Projects that failed on nearly every front at once. General IT project management issues and segmentation-specific technical challenges hit simultaneously.
  2. Diffuse Friction (33%). Projects that didn’t fail on any single front, but accumulated enough moderate friction across many dimensions that progress stalled.
  3. Operational Drag (9%). Projects where goals and sponsorship were sound, but the burden of creating and maintaining segmentation policies became unsustainable.
  4. Scope & Visibility Trap (8%). Projects defeated by expanding scope, unrealistic timelines, and inadequate visibility into a complex environment.

[Figure: Four patterns of failure chart]

The headline: more than 80% of failed projects stumble on multiple fronts at once, not on a single issue. Segmentation, it turns out, is rarely undone by one bad decision.

Not all segmentation projects are equally risky. Projects that include campus networks or use Layer 2 approaches (like VLANs) are especially prone to Perfect Storm or Scope & Visibility Trap failures. Projects involving IoT environments tend to fall into Diffuse Friction or Operational Drag. Interestingly, workload type (bare metal, virtualized, containerized, serverless) had no significant effect on failure patterns.

Perhaps the most striking finding: when practitioners were asked what single change would have made the biggest difference, about 70% pointed to general IT project management fixes—even when the project had failed for segmentation-specific reasons. That ratio held across all four failure patterns.

The takeaway? Strong project management is a necessary foundation, but it’s not sufficient. When a segmentation-specific problem derails a project—a visibility gap, a policy maintenance burden, or tooling limitations—that problem needs a segmentation-specific fix. You can’t meet your way out of a missing asset inventory.

The full 2026 Cisco Segmentation Report goes deeper into each failure pattern, the environmental factors that shape them, and practical recommendations for teams planning segmentation projects. Download it here.


Authors

Aamer Akhter

Senior Director of Product Management