Only 1 in 10 security leaders trust AI for mission-critical tasks

Nearly half (46%) of security leaders in nine markets across the world said they spend more time maintaining tools than defending the organisation, while only 11% trust AI completely for mission-critical tasks.

Also, 66% experienced a data breach in the past year, making it the most common security incident.

These findings are from a Splunk report prepared in collaboration with Oxford Economics. Researchers surveyed 2,058 security leaders from October 2024 through December 2024. Respondents were in Australia, France, Germany, India, Japan, New Zealand, Singapore, the United Kingdom and the United States.

Findings show that with new threats such as AI-powered attacks, organisations must be fully prepared and confident in protecting themselves and their customers. The common thread in addressing these concerns is to build a unified SOC that combines human expertise with AI advancements.

“Organisations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don’t see AI taking complete oversight of the SOC – for good reason,” said Michael Fanning, CISO at Splunk. 

“Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organisation,” said Fanning.

SOC workflows that aren’t operating at their peak create major barriers to effective threat detection and response.

The report highlights areas of inefficiency that create risk for organisations. Among respondents, 59% said tool maintenance is the main source of inefficiency and 78% said their security tools are dispersed and disconnected. Also, 69% said disconnected and dispersed tools create moderate to significant challenges.

Further, tool maintenance, data silos, and alert fatigue bog down SOC teams. These day-to-day burdens drain valuable time and impact an analyst’s ability to respond quickly and decisively. 

The report revealed that 57% reported losing valuable investigation time to data management gaps; 59% had too many alerts; and 55% had to address too many false positives.

In addition, high stress levels, chronic understaffing, and burnout are taking a toll and putting talent retention and long-term team stability at risk.

Findings show that 52% said their team is overworked; 52% said stress on the job has prompted them to think about leaving cybersecurity altogether; and 43% face unrealistic expectations from leadership.

Organisations see how AI can alleviate operational and staff shortage problems, as 59% have moderately or significantly boosted their efficiency with AI. 

Over half (56%) have prioritised the application of AI to security workflows this year, while 33% plan to fill skills gaps with AI and automation.

Among respondents, 63% agree that domain-specific AI significantly or extremely enhances security operations compared to publicly available tools. However, AI is not running solo, as organisations keep humans in the loop to deliver trustworthy AI outcomes.

The top three tasks that generative AI is helping with across SOCs were threat intelligence analysis (33%), querying security data (31%), and writing/editing security policies (29%).