Many Security Operations Centers Are Falling Short
Security Operations Centers are not mature, so companies are shifting to outsourcing, managed security services and automation to cope with talent shortages.
Over the past 5 years, 27% of cyber-defense organizations didn’t score even a Level 1 security operations maturity model (SOMM), which means they didn’t meet minimal requirements to provide security. (Level 5 is the top level.)
The median SOMM score of the organizations in the study was 1.36. The recommended score is a 3.
Looking at median scores by industry verticals, services organizations have had the highest SOMM scores over the past 5 years.
During the past 8 years, security leadership has been turning over an average of every 18 months.
Over the past 5 years, only 18% of the assessed organizations have been meeting business goals and working toward achieving—or have achieved—the recommended maturity level.
Of the four assessed categories—Business, People, Process and Technology—the Business category scored a median 1.52, which was the highest maturity level achieved.
In the industry verticals, the services industry maintained the highest median SOMM score of 1.76, while telecom scored the lowest at 0.97.
With a median score of 1.89, South America scored the highest median SOMM score of assessed regions for the second year in a row.
Health care continues to increase its median industry maturity score, with a 1.66 this year over last year’s 1.58 score.
The energy industry showed great maturity growth this year, increasing its median score from 1.54 in the 2016 report to 1.64 in the 2017 report.