Many Security Operations Centers Are Falling Short
Many Security Operation Centers Are Falling Short
Security Operations Centers are not mature, so companies are shifting to outsourcing, managed security services and automation to cope with talent shortages.
Security Operations Lack Maturity
Over the past 5 years, 27% of cyber-defense organizations didn’t score even a Level 1 security operations maturity model (SOMM), which means they didn’t meet minimal requirements to provide security. (Level 5 is the top level.)
SOMM Scores Fall Short
The median SOMM score of the organizations in the study was 1.36. The recommended score is a 3.
Service Organizations Improving the Most
Looking at median scores by industry verticals, services organizations have had the highest SOMM scores over the past 5 years.
Rapid Leadership Turnover
During the past 8 years, security leadership has been turning over an average of every 18 months.
Meeting Business Goals and Maturity Levels
Over the past 5 years, only 18% of the assessed organizations have been meeting business goals and working toward achieving—or have achieved—the recommended maturity level.
Business SOMM Tops Other Categories
Of the four assessed categories—Business, People, Process and Technology—the Business category scored a median 1.52, which was the highest maturity level achieved.
Services Score Better Than Telecom
In the industry verticals, the services industry maintained the highest median SOMM score of 1.76, while telecom scored the lowest at 0.97.
South America Had Best Regional Score
With a median score of 1.89, South America scored the highest median SOMM score of assessed regions for the second year in a row.
Health Care SOMM Rising
Health care continues to increase its median industry maturity score, with a 1.66 this year over last year’s 1.58 score.
Energy Industry Maturing Rapidly
The energy industry showed great maturity growth this year, increasing its median score from 1.54 in the 2016 report to 1.64 in the 2017 report.
