SOC Investment Leads to Improved Incident Response Times

Dark Reading’s 2021 Incident Response Survey reveals an upswing in SOC capabilities with promising results.

Dark Reading Staff, Dark Reading

August 13, 2021

2 Min Read

Enterprise organizations are ramping up on incident response (IR) and security operations center (SOC) capabilities amid heightened concerns over data breaches, third-party risk, and loss of intellectual property. As a result, nearly half (48%) of organizations have the ability to detect a potential compromise as soon as one occurs or within minutes of it happening.

Dark Reading’s 2021 Incident Response Survey polled 215 IT and cybersecurity professionals from over 20 industries on a variety of issues that pertain to organizational ability to detect and respond to security incidents. The results reveal an upswing in SOC capabilities. A substantially higher percentage of organizations report that they have a formal SOC capability and incident response teams of 15 or more staff members.

Likely as a result of these changes, more respondents this year describe their organization as able to detect most security incidents in near-real time, or within minutes. More than half, 56%, say they remediate most security incidents within minutes or hours of occurrence, compared with 52% in last year’s survey.

Other survey highlights include:

  • 21% of organizations, compared with 11% in Dark Reading’s 2020 survey, report having a dedicated IR team of 15 or more people.

  • 38% of organizations currently have an SOC and another 12% plan to build one internally.

  • 58% of survey respondents say that less than 10% of the security incidents they have experienced had a significant negative impact on the organization.

  • 17% of IT and security leaders surveyed — compared with 10% last year — say they are most concerned about credentialed users misusing data.

  • 44% of organizations report being well connected with the IR teams of business partners, or at least exchange data that might indicate a compromise.

The full report, The State of Cybersecurity Incident Response, can be read here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights