Inside Today’s SOC: More Spending, Fewer Skilled Staff, Less Capability

Security Operations Center (SOC) teams are being stretched to the breaking point. Although global cybersecurity spending continues to grow at a record pace, eclipsing investments in many other areas of technology, risk management, and operational infrastructure, few security operations centers are achieving the meaningful and demonstrable results that Chief Information Security Officers (CISOs) are hoping to see.

So why do businesses continue to spend more money for less capability?

A big part of the answer lies in the fact that security leaders often can’t communicate risks effectively to the business, especially in the quantitative and financial terms that are most important to accurately convey their scale. This inability gives rise to misplaced spending, as well as underinvestment in the areas that matter most. Ultimately, it leads to a widening disconnect between security and the business.


In today’s world, building and maintaining a SOC is incredibly expensive, and creating a top-performing one costs even more. According to research conducted by the Ponemon Institute, the average annual cost for staffing and maintaining an enterprise-grade SOC in 2020 was $2.86 million, but a SOC that was rated “highly effective” cost an average of $3.5 million per year to operate. One whose effectiveness was rated “low” cost only $1.9 million per year. The largest line-item expenditure involved in maintaining a SOC is security analyst salaries. On average, a Tier 1 analyst was paid $102,315 in 2020, and salaries are expected to increase 29% in the coming year.

Tool sprawl is also driving costs upwards without consistently contributing to SecOps teams’ effectiveness. The average enterprise is now running 45 different security tools and technologies, but those that have more than 50 solutions in place are actually rated 8% less able to detect a cyberattack — and 7% lower in their ability to respond — than organizations using fewer than 50 tools. Past a certain point, adding more tools to the security technology stack increases complexity, adding more dashboards that must be monitored, and more disparate data that must be correlated, without giving security analysts centralized visibility or a better understanding of what to prioritize.

The result is that the cybersecurity industry has created an untenable situation for the skilled professionals who staff today’s security operations centers. High stress levels and excessive job turnover are endemic among security analysts, who continue to be in high demand and short supply.

In a survey of security analysts conducted by the Cyentia Institute, more than 25% of respondents expressed dissatisfaction with their current position and one-third were currently looking for another job. Tellingly, 28% had never stopped an actual intrusion or couldn’t remember having done so.

There’s an overwhelming need to allocate more spending to one resource: human capital, which is in high demand and in short supply in the industry today. The focus on one of the industry’s biggest challenges, the cybersecurity skills gap, is no surprise given the volume and sophistication of recent attacks against the government and critical infrastructures. Enabling security analysts to become more effective and see actual results is key for increasing job satisfaction and retention rates among security analysts and incident responders.

To do this, organizations must:

  • Use automation to replace the most common and repetitive manual workflows
  • Increase contextual awareness to improve speed and accuracy of event triage and incident response
  • Improve processes and document effectiveness so that analysts can better understand where they’re making an impact

To read more about why there is a widening gap between security and business, and how to equip your security team for better detection and response, download our complimentary Smarter SOAR whitepaper here!

About the Author

Anjali Chauhan

Anjali Chauhan, Content Marketing Manager at ThreatConnect, has 4 years of experience in Marketing, Content Creation, and Digital Marketing. Her passion lies in creating meaningful and impactful content. Some of Anjali's favorite hobbies include listening to music from the 80s and 90s, dancing, and spending time with her younger sister.