SOC Investment Leads to Improved Incident Response Times
Dark Reading’s 2021 Incident Response Survey reveals an upswing in SOC capabilities with promising results.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
Enterprise organizations are ramping up on incident response (IR) and security operations center (SOC) capabilities amid heightened concerns over data breaches, third-party risk, and loss of intellectual property. As a result, nearly half (48%) of organizations have the ability to detect a potential compromise as soon as one occurs or within minutes of it happening.
Dark Reading’s 2021 Incident Response Survey polled 215 IT and cybersecurity professionals from over 20 industries on a variety of issues that pertain to organizational ability to detect and respond to security incidents. The results reveal an upswing in SOC capabilities. A substantially higher percentage of organizations report that they have a formal SOC capability and incident response teams of 15 or more staff members.
Likely as a result of these changes, more respondents this year describe their organization as able to detect most security incidents in near-real time, or within minutes. More than half, 56%, say they remediate most security incidents within minutes or hours of occurrence, compared with 52% in last year’s survey.
Other survey highlights include:
21% of organizations, compared with 11% in Dark Reading’s 2020 survey, report having a dedicated IR team of 15 or more people.
38% of organizations currently have an SOC and another 12% plan to build one internally.
58% of survey respondents say that less than 10% of the security incidents they have experienced had a significant negative impact on the organization.
17% of IT and security leaders surveyed — compared with 10% last year — say they are most concerned about credentialed users misusing data.
44% of organizations report being well connected with the IR teams of business partners, or at least exchange data that might indicate a compromise.
The full report, The State of Cybersecurity Incident Response, can be read here.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024