Scrutiny of ROI in SOCs increases

At a time when the prospects for the global economy remain uncertain, there’s more focus on the cost of cybersecurity. Unfortunately, those costs appear to be rising rather than declining.

A survey of 682 security and IT professionals with security operations center (SOC) experience conducted by the Ponemon Institute on behalf of a provider of managed security services, find just over half of respondents (51%) said the return on investment (ROI) on investments in their SOC is headed in the wrong direction.

Primary causes cited by survey respondents include high levels of complexity (80%) along with increased security engineering costs and higher fees from managed security services providers (MSSPs). Organizations surveyed are spending an average of $2,716,514 per year on security engineering, however, only 51% rate their security engineering efforts as effective or very effective. The average cost for security monitoring by an MSSP has also increased roughly 20% to $5,307,250 annually, the survey finds.

Organizations are increasing security analyst salaries, with the average the average salary being $111,000 in 2020. Despite that effort, however, organizations expect three analysts will still resign or be fired in one year.  On average, organizations expect to hire five analysts in 2021. However, only a little more than a third (38%) said they believe they can hire the right talent.

Not surprisingly, organizations are increasing their investments in extended detections and response (XDR) and security automation tools to augment their security. Organizations surveyed intended to spend an average of $333,150 for XDR; $345,150 for security orchestration automation and response (SOAR) platforms; $285,150 for managed detection and response (MDR); and $183,150 for security information event management (SIEM) tools.

Those investments may pay off one day but in the short term, each additional layer of security added has a negative short-term impact on ROI. Obviously, the hope is that long term the ROI on SOC investments will improve as more security functions become more automated thanks to advances in, for example, artificial intelligence (AI).

In the meantime, frustration is mounting. Cybercriminals are become more adept at exploiting trivial weaknesses in systems that are often considered to be not especially critical to infect entire software supply chains. Unfortunately, many of these systems are connected to mission-critical applications that are being compromised as malware moves laterally across an organization. The truth is more organizations are falling victim to attacks even as the level of investment they have made in cybersecurity has increased. That’s a difficult conversation for any cybersecurity professional to have with the leaders of their organization. In fact, it may not be too long before business leaders require cybersecurity teams to accomplish their mission using the funds available. In many cases, legacy security tools will need to rationalized sooner than expected to help pay for new investments.

Whatever the path forward, it’s clear the current cybersecurity status quo will not hold. Whether it’s embracing best DevSecOps practices to reduce the potential number of vulnerabilities or investing more in training, something has to give in terms of how security is achieved, managed, and maintained. Otherwise, everybody is just banging their heads against the proverbial wall in expectation of a different result that never comes.