Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


The Economics of Security Operations Centers: What is the True Cost for Effective Results?

January 30, 2020, 12:00 am

What if we told you that nearly half (49%) of IT security practitioners are dissatisfied with the effectiveness of their Security Operation Centers (SOCs) or service providers?  If you can relate, you might want to download our 2019 SOC benchmarking report with the Ponemon Institute. Those of you looking to gain efficiencies or increase your ROI with security monitoring and analysis this is a must-read.

For the report, Ponemon surveyed 637 security practitioners who work in or manage SOCs. The intent of this research is to understand the investments that organizations are putting into building and maintaining Security Operations and highlight the barriers that are preventing teams from being effective.

The digitized business is bringing more data online and into the cloud, and organizations are leveraging SOCs to monitor inbound threats to that data. As a result, the modern SOC is a foundational part of many organizations’ cybersecurity posture today. And the investment that organizations pour into their SOCs reflects that importance. On average, organizations spend $2.86 million annually on their in-house SOCs.

Yet despite this investment, our research uncovered that a majority of organizations found their investments in SOCs to be expensive and not performing as well as they had hoped.  Significantly, the cost increases to $4.44 million annually if outsourced to a managed security service provider (MSSP), negating any cost efficiency expectations from outsourcing. Reflecting this frustration, only 51% of organizations represented in this study are satisfied with either the effectiveness of their SOC or their service provider.

As the study reveals, there is a substantial expense in hiring, training and retaining SOC employees, making people one of the largest investment areas for the SOC. Exacerbating this expense is personnel turnover, with most reporting loss of SOC professionals due to burnout and related stressors. Interestingly, while the best-performing SOCs have a greater number of employees and slightly less turnover, they cost significantly more. However, most organizations can’t or don’t have the resources to build out best-of-breed infrastructure. In search of a solution, many organizations turn to outsourcing their SOCs with MSSPs, but that’s not a guarantee of success either. The report found that 42% of respondents consider their MSSPs to be ineffective.

If you want to see how you stack up with your peers, click here to read the full report!

Security (23)
Privacy (22)
global security (1)
Providers (1)