All security programs are based on the same premise: once the system is connected, the problem is resolved. Open a ticket, launch a gateway, and push data through. end.
That assumption is wrong. This is also the main reason why Zero Trust programs stall.
A new study my team just published shows the numbers. The Cyber360: Defending the Digital Battlespace report is based on a survey of 500 government, defense, and critical services security leaders in the U.S. and U.K. and found that 84% of government IT security leaders agree that sharing sensitive data across networks increases cyber risk. More than half (53%) still rely on manual processes to move data between systems. 2026. AI accelerates the pace of work for both parties.
That’s the Zero Trust gap that no one talks about. It’s not an identity. It’s not an endpoint. Movement of the data itself.
Threat volume is growing faster than control
Cyber360 reported an average of 137 attempted or successful cyberattacks against national security agencies per week in 2025, up from 127 a year earlier. The US government agency estimates that the weekly rate has increased by 25%. Verizon’s 2025 Data Breach Investigations Report follows a similar trajectory on the enterprise side. Third-party involvement in breaches has doubled year over year, reaching 30% of all incidents. IBM’s 2025 Cost of Data Breach Report puts the average cost of a breach across multiple environments at $5.05 million, approximately $1 million more than an on-premises-only incident.
The boundaries between IT and OT, between tenants, between partners and internal environments are where the money and time resides today.
Connectivity is not the same as secure data movement
The moment data crosses boundaries, whether it’s between an OT network and an enterprise SOC, between a partner tenant and the cloud, or between sensitive and unclassified, it’s no longer a matter of routing, it becomes a matter of trust. Validation, filtering, and policy controls must be done before downstream can act on it. This is where modern architecture lags behind.
Cyber360 data is candid about where the pain is concentrated.
78% of respondents cited outdated infrastructure as the main cause of cyber vulnerabilities, specifically pointing to analog systems and manual processes as weak points. 49% cite ensuring data integrity and preventing tampering in transit as the biggest challenge when transferring information between sensitive or federated networks. 45% indicated that managing identity and authentication across multiple domains is their biggest access challenge.
In-transit integrity, cross-domain identity, and manual processes are still in the loop. This is a real-life description of the attack surface that attackers have been exploiting for three years.
Corporate data tells the same story in different languages. According to Dragos’ 2025 OT Cybersecurity Report, 75% of OT attacks now occur as IT breaches, and approximately 70% of OT systems are expected to connect to IT networks within the next year. The traditional IT/OT air gap has virtually disappeared. Violation of managed file transfer will send points home. Cl0p’s exploitation of MOVEit compromised over 2,700 organizations and exposed the personal data of approximately 93 million people. The same playbook also worked for GoAnywhere and Cleo. Both of these incidents were essentially attacks on pipes that move data between trust boundaries.
The trade-off between speed and security is a misconception
There is a persistent belief that data can only be moved fast or securely. Please choose one.
In reality, most teams choose security and accept delays. This works when decision-making cycles are measured in minutes. It doesn’t work if you measure it in seconds, and it completely falls apart if you measure it in milliseconds.
AI is accelerating on both fronts. Detection and response pipelines are moving towards autonomous actions. Do not wait for the gateway to finish inspecting the file. With 53% of national security organizations still moving data manually, the gap between the demand for AI speed and the supply of analog speed becomes an attack surface. AI models, whether they perform fraud detection, threat triage, or targeting analysis, are driven by the data that reaches them. If the data cannot move freely or is unreliable upon arrival, the model runs in an old or partial context. The bottleneck is not the intelligence layer. This is the pipe underneath.
The role of cross-domain technology
This is where cross-domain technology comes into play, rather than as a compliance checkbox.
Done right, you no longer have to choose between speed and security. Enforce trust at the boundary, not after the boundary. These enable the system to operate as a coordinated whole, rather than as a series of isolated islands strung together by point-to-point integrations, which attackers have proven capable of dismantling at scale.
Cyber360 research provides a concrete architectural answer: a layered model that combines zero trust, data-centric security, and cross-domain solutions. No single framework can bridge the gap. Zero trust controls who and what. Data-centric security manages data itself, no matter where it moves. Cross-domain solutions control movement between environments. Together, they enable secure data sharing across sensitive, federated, and operational boundaries at near real-time speeds.
This principle applies beyond defense. An enterprise program where SOC data crosses the boundaries of OT, IT, and cloud. Critical infrastructure where operational data must reach decision makers without compromising integrity. Multi-party investigations where partner data must flow in both directions based on policy.
conclusion
The assumption that reliable data arrives the moment it crosses a boundary is the assumption that attackers are most likely exploiting today. The perimeter is the attack surface. It is the movement that causes the collapse of policy. And with more than half of national security organizations still moving sensitive data through manual processes, the gap between speed of mission and speed of control is more than just a bottleneck. It’s vulnerability.
That’s where Everfox works, securing the access, transmission, and movement of data across environments at mission speed.
See our guide to secure collaboration and data movement for architectural patterns, control placement, and operational pitfalls.
Note: This article was written and contributed by: Petko Stoyanov, Everfox Chief Technology Officer, said:
Source link
