Today’s organizations operate in a complex environment characterized by continually evolving cybersecurity threats and tactics, and evolving networks that extend into the cloud. As a result, organizations are finding it increasingly challenging to efficiently and consistently protect their digital perimeters and mitigate risk.
It’s no surprise, then, that organizations across industries are weighing whether to outsource security operations (SOC) or manage in house. The Second Annual Study on the Economics of Security Operations Centers by Ponemon Institute provides key insights on that top-of-mind issue from 17,200 IT and IT security practitioners.
With SOCs handling a range of activities, 80% of respondents say these security command centers are essential or very important to a strong security posture. That’s up from 73% in the previous Ponemon survey.
Yet, year over year, it’s hard to boost the SOC’s effectiveness in line with the growing complexity of SOC management. Even 72% of high performers* find it challenging to manage their SOCs.
More than one-third of SOCs represented in the Ponemon study changed to a remote worker environment, and 51% of respondents said that significantly impacted their SOC performance. Simply put, it’s more challenging to deal with endpoint security and denial of service attacks with more employees working remotely.
As organizations deploy more security solutions to try to address their growing security concerns, they often fall short. Consider that they spend an average of $2,716,514 per year on security engineering to integrate disparate security data, build out rules, and automate processes. In spite of such a big spend, just 23% of respondents rate their security engineering efforts as very effective.
Arguably, quickly and effectively identifying and mitigating threats is the most critical activity in the SOC. In spite of investing nearly $4 million annually on their SOCs, organizations underinvest in key areas: notably, threat hunting, and incident response and remediation.
In many cases, this is likely due to lack of in-house expertise to translate threat intelligence into proactive response. The Ponemon survey found that an average of 12 IT security practitioners are assigned to their organization’s SOC. Yet demand for cybersecurity talent continues to outpace the supply, according to the latest (ISC)² Cybersecurity Workforce Study. In fact, the (ISC)2 study posits that the global cybersecurity workforce must grow 65% to effectively defend organizations’ critical assets.
This ongoing talent shortage puts additional pressure on existing security operations staff to perform highly important activities, including:
Even as more organizations pay salaries at the higher end of the range, they routinely experience turnover. On average, organizations hire five analysts and see three security analysts resign or be fired annually – the same as in the previous Ponemon survey. (In contrast, high-performing organizations hire an average of seven analysts in one year and see an average of two analysts resign or be fired annually).
With so much turnover of SOC analysts, organizations find themselves on a never-ending treadmill trying to find, hire and keep top talent in their SOC. According to 80% of respondents to the Ponemon survey, the primary – and growing – reason for analyst turnover is burnout in 24/7/365 SOCs dealing with growing workloads.
Notably, 85% of respondents overall find it’s painful or very painful working in their organization’s SOC, an increase from 72% in the previous survey. Even in high-performing SOCs, 76% of security personnel feel significant pain fulfilling their job requirements.
It’s no surprise considering all that comes with more complex and extended operating environments: information overload, stress, and lack of sufficient visibility into network and IT infrastructure, to name a few.
In the face of growing SOC complexity and high analyst burnout and turnover, more than half (51%) of respondents said the ROI of the SOC is declining – a jump from the 44% of respondents saying the same in the previous survey. Even 25% of high performers are seeing a decline in SOC ROI.
As they struggle to efficiently and effectively manage the growing complexity of their SOCs, more organizations are turning to managed security services providers (MSSPs) – and with great results.
In fact, 51% percent of security practitioners report partially or completely outsourcing their SOC. And with good reason: 52% say their organizations rate the effectiveness of their MSSPs as high or very effective – a significant jump since the previous Ponemon survey. Interestingly, 86% of high performers – those most effective at detecting attacks – rate their MSSP effectiveness as very high.
This makes perfect sense considering that MSSPs offload many of the burdensome, critical tasks at the heart of effective cybersecurity. They do so through a variety of means, including investments in top-tier staff, deployment of technologies that provide greater visibility, and expert and timely analysis of information and alerts.
Because MSSPs absorb the brunt of SOC tasks – including 24x7x365 proactive monitoring and daily emergencies – in-house SOCs avoid overtaxing internal teams while gaining essential coverage for critical areas. Freed in this way, SOCs can prioritize activities and specializations.
As a progressive Tier 3 MSSP, Nuspire provides customized cybersecurity solutions based on client objectives, requirements, and risk tolerance. While all MSSPs offer solutions to detect, respond to, protect against and prevent cyberthreats, Nuspire helps organizations close security gaps quickly so our clients can do more.
Nuspire is dedicated to revolutionizing the cybersecurity industry through innovation, operational excellence and client experience. Providing simple solutions to complex problems for clients in a variety of industries, sizes, maturity levels and expected outcomes, we’ve been named a Representative Vendor in the 2022 Gartner Market Guide for Managed Security Services (MSS). Nuspire’s advanced, award-winning services are also recognized by CRN,
Info Security and InfoSec.
Check out top 10 tips for working with an MSSP, and learn more about what sets Nuspire apart from other MSSPs, including our Security in Action framework.