Content, Content

Security Operations Center (SOC) & MSSP Research: Ponemon Findings


Most organizations view security operations centers (SOCs) as critical elements in their cybersecurity strategies, according to a survey of 637 IT and IT security practitioners conducted by Ponemon Institute and SOC software provider Respond Software.

Dig a bit deeper into the report, and MSSPs (managed security services providers) may find some key stats and trends to help shape SOC budgeting in the years ahead.

Key findings from "The Economics of Security Operations Centers: What is the True Cost for Effective Results?" survey included:

  • Organizations spend an average of $2.86 million annually on their in-house SOC.
  • The average salary for a tier one SOC analyst is $102,315, and 45 percent of organizations said SOC analyst salaries are expected to increase by an average of 29 percent in 2020.
  • 77 percent said SOC analyst training is "highly important."
  • 73 percent said their SOCs are essential (31 percent) or very important (42 percent) to their overall cybersecurity strategy.
  • Monitored or managed firewalls or intrusion prevention systems (59 percent) ranked first among services deployed within SOC environments, followed by monitored or managed multifunction firewalls or unified threat management (UTM) technology (56 percent) and monitored or managed intrusion detection systems (55 percent).

The survey also highlighted various challenges relative to in-house SOC staff, including:

  • Hiring and Recruitment: On average, nearly eight months is required to find a new SOC analyst (3.5 months) and train him or her (3.8 months).
  • Workload: 75 percent of organizations said an increasing workload causes SOC staff burnout.
  • Turnover: In an average organization, three SOC analysts will be fired or resign in one year.

In addition, the survey offered insights into the following cost considerations of outsourcing an SOC to an MSSP:

  • On average, the total cost of an SOC was $4.44 million annually for organizations that outsource to an MSSP.
  • 63 percent of organizations said they plan to bring their SOC back in-house or switch to another vendor.
  • 51 percent said they partially or completely outsource their SOC.
  • 32 percent said their MSSPs are only moderately effective, and 26 percent said they are ineffective.

The top-performing SOCs have a greater number of employees, less turnover and higher costs than others, the survey revealed. Yet most organizations lack the resources to build out their infrastructure accordingly.

However, highly effective MSSPs can help organizations deploy cybersecurity technologies and programs. These MSSPs enable organizations to address security vulnerabilities, as well as keep pace with evolving cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.