The Complexity Tax: What Enterprise Fragmentation Is Actually Costing You
May 12, 2026
Thirty-five percent of organizations surveyed for Versa’s inaugural Annual State of SASE + AI Report, “The Cost of Complexity,” suffered a security breach in the past year that was directly caused or worsened by poor coordination between networking and security teams. Not by a sophisticated nation-state actor. Not by a zero-day exploit. By the seam between two teams that report to different people, fund different tools, and measure success differently.
That number is worth sitting with before you move on.
The report — based on 525 senior IT and security decision-makers at organizations with 1,000 or more employees — is worth your time for a specific reason: it is not a vendor argument for convergence. It is a structured accounting of what SASE complexity costs enterprises right now, in terms precise enough to take into a board conversation or a budget negotiation.
The complexity tax shows up in your P&L, not just your architecture diagrams
Fifty-three percent of respondents report higher operational costs from managing redundant and overlapping networking and security tools. Forty-five percent say complexity has delayed rollouts of new applications or services. Thirty-four percent report lower employee productivity as a direct consequence.
None of these are hypothetical risks. They are line items someone is already absorbing — usually distributed across enough cost centers that no single owner has to account for the full number. The value of the report is that it aggregates what fragmentation actually costs when you stop letting it hide.
For CIOs, the application rollout data is the sharpest edge. When 52% of larger enterprises say complexity has delayed new application or service deployments, that is not an IT problem — that is a revenue timing problem. Every week a product feature, customer portal, or operational workflow sits waiting on infrastructure review is a week your competitors do not have to wait if their stack is cleaner than yours.
By the numbers: Organizations with 50+ vendors are nearly twice as likely to report delayed application rollouts as those with leaner stacks (61% vs. 34%).
The breach data is an org chart problem, not a technology problem
CISOs often treat security gaps as a technology procurement challenge. The 2026 report complicates that framing in a useful way. When 64% of organizations say conflicting priorities between teams have caused critical projects to fail or stall, and 48% cite poor coordination between networking and security specifically, the breach exposure is not coming from your tool set. It is coming from the gap between your team and the one down the hall.
The report is direct about this: legacy architecture makes organizational alignment harder because teams are managing incompatible systems with limited shared language. Siloed teams, in turn, make modernization slower because no one owns the full picture. These two problems compound each other, and you cannot solve one without the other.
For a CISO preparing a board-level security posture update, this data gives you a frame that is more honest — and ultimately more persuasive — than threat landscape slides. Boards understand organizational dysfunction. They understand that 35% of their peer organizations got breached not because an attacker was clever but because two internal teams were not talking.
AI didn’t create this problem, but it’s making the bill due
Ninety-five percent of respondents say AI is forcing their networking and security teams to collaborate more closely. That number is not surprising — what is instructive is the mechanism. AI is generating more traffic, enabling faster and more sophisticated attacks, and demanding a speed of response that neither team can deliver operating independently.
One Vice President respondent put it directly:
“AI tools require massive data access, cloud connectivity, APIs, and model integrations, which blurs the line between network performance and security risk.”
That blurring is happening whether your teams are structured to handle it or not.
The report also surfaces something CIOs should flag to their boards: 60% of organizations cite over-reliance on legacy vendors as a cause of critical project failure. AI adoption timelines are not forgiving of infrastructure that needs six-month procurement cycles to adapt.
The planning phase is where convergence initiatives go to die
Seventy-six percent of organizations in the SASE planning phase report frequent or occasional budget disagreements between networking and security teams — a higher conflict rate than organizations actively implementing or already converged. The planning phase is where organizational seams show up most acutely, because it forces consensus on ownership, budget, and vendor strategy simultaneously, often for the first time.
The C-suite disconnect finding is worth flagging internally: C-level executives are more than twice as likely as directors to believe SASE ownership should sit with executive leadership (53% vs. 20%). Directors favor joint committees (45% vs. 29% for C-suite). If leadership assumes someone below them owns the coordination and those below assume leadership will mandate it, the initiative stalls — not from lack of intent, but from a governance assumption nobody spoke aloud.
Naming that dynamic explicitly, with data behind it, is a more productive conversation than another architecture review.
What convergence is actually for
The report closes with what leaders say a perfectly converged networking and security model would make possible: unprecedented operational agility, a shift from reactive to proactive security posture, and the ability to stop fighting fires and start driving innovation. These are not aspirational marketing quotes — they are the answers your peers gave when asked to describe the operational state their current environment is preventing.
The complexity tax is not a fixed cost. But it compounds — and AI is accelerating the compounding. For CIOs and CISOs who need a common vocabulary and a shared data set to take into difficult internal conversations, this report is a practical starting point.
We are obviously partial to how Versa approaches the architecture question. But the survey data stands independent of that. Read it, use what is useful, and find what fits your requirements.