NEW PONEMON RESEARCH: Growing Security Operation Center Challenges, Increasing Complexity and Rising Costs Drive Investments in XDR and Security Automation

Ponemon Institute and FireEye release second annual study on the Economics of Security Operations Centers, uncovering increasing management complexity, higher staffing and outsourcing costs, and anticipated spend on new technologies

MILPITAS, Calif., Jan. 12, 2021FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today released the “Second Annual Study on the Economics of Security Operations Centers: What is the True Cost for Effective Results?” report from Ponemon Institute. The report finds that organizations are spending more to account for widespread security operation center (SOC) challenges including growing security management complexity, increasing analyst salaries, security engineering and management outsourcing costs, yet are still dissatisfied with the outcomes. However, companies are also boosting investments in new SOC tools like Extended Detection and Response (XDR) and security automation to help solve these issues.  

“The findings of the Ponemon Economics of the SOC report show that organizations are facing an onslaught of rising security operations costs, but despite these increased investments, are still unhappy with their ability to combat growing cyberthreats,” said Chris Triolo, Vice President of Customer Success, FireEye. “Many security teams are now seeking new technologies that can provide greater efficiencies and visibility, while cutting alert overloads and eliminating mundane tasks to improve analyst morale.”

Perceived ROI of the SOC Drops, While Costs Rise

The ROI of SOC investments have been worsening, due to increasing complexity and rising security engineering and management outsourcing costs.

  • Perceived ROI of the SOC is Dropping Due to Management Complexity: More than half (51 percent) of respondents say the ROI of the SOC is getting worse, compared to 44 percent in 2019. More than 80 percent rate their SOC’s complexity as very high, rising from 74 percent in 2019.
  • Rising Outsourcing Costs Lessen Appeal: The cost to pay MSSPs for security monitoring also increased and may impact ROI. The average cost for respondents is $5,307,250 annually, an increase from $4,441,500 in 2019 (i.e., approximately 20 percent year over year).
  • High Security Engineering Costs Aren’t Resolving Needs: Organizations surveyed are spending an average of $2,716,514 per year on security engineering. However, only 51 percent of respondents rate their security engineering efforts as effective or very effective.
SOC Workers Unhappy, Despite Increasing Salaries

Even with increasing salaries, organizations are not able to boost employee morale.  

  • Security Analyst Morale Impacted by Long Hours and Demanding Work: 85 percent of respondents say working in the SOC is painful or very painful, with this sentiment growing from 72 percent in 2019. Increasing workloads and being on call are overwhelming security analysts, with 75 percent saying that these factors cause burnout, rising from 70 percent in 2019.
  • SOCs Can’t Meet the Rate of Security Analyst Turnover: Despite organizations surveyed expecting to hire an average of five analysts in 2021, three will resign or be fired in one year. Organizations are increasing security analyst salaries, with the average rising from $102,000 in 2019 to $111,000 in 2020. However, only 38 percent still believe they can hire the right talent.
New Technology Investments Show Promise

However, increasing investments in new XDR and security automation tools show promise to reduce security engineering costs, boost SOC performance and employee morale.

  • XDR and Security Automation Budgets are Increasing: Organizations are investing in XDR as an emerging category to improve SOC performance. Organizations surveyed intended to spend an average of $333,150 for XDR; $345,150 for SOAR; $285,150 for MDR; and $183,150 for SIEMs.
The SOC is Key for Maintaining Security Posture

Despite current ROI perception, respondents noted that the SOC is more important than ever to having a strong security posture.

  • The SOC is Essential: The number of respondents who said their SOC is essential or very important increased from 73 percent last year to 80 percent now. Meanwhile, the most important SOC activities are: Minimizing false positives reporting (88 percent); having agile DevOps functions (increasing from 73 to 85 percent); and automating machine learning tools (increasing from 72 to 80 percent).
Additional Report Resources
Ponemon Study Methodology

The Ponemon Institute surveyed 682 SOC managers, security analysts, general security practitioners, IT managers and directors who have a Security Operations Center and are knowledgeable about cybersecurity practices in their organizations.

In 2019, this report was sponsored by Respond Software, now a part of FireEye.

About FireEye, Inc

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 9,600 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.

© 2021 FireEye, Inc. All rights reserved. FireEye and Mandiant are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Contacts       

Media
[email protected]

Investors
[email protected]