Costs, timelines and stumbling blocks - What it takes to build an SOC
By Staff Writer 12 March 2026 | Categories: Business News
For most organisations planning to build a Security Operations Center (SOC), the question is no longer whether to invest, but what it will take to make it operational. The findings of Kaspersky’s global study reveal that behind seemingly similar plans, companies face different realities when turning SOC concepts into operational capabilities.
Kaspersky conducted a survey among senior IT security professionals, managers, and directors from organisations with 500 or more employees, and focused on companies that do not yet have an SOC but plan to establish one in the near future. The respondents in this study come from 16 countries.
The research highlights that building an SOC comes with a range of challenges that are considered during the planning stage. High capital costs were among the top difficulties, mentioned by one third of respondents (33%). At the same time, many organisations struggle with evaluating SOC effectiveness (28%), as this often involves a wide range of KPIs, from financial metrics like Return on Investment (ROI) and operational benchmarks such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), to strategic objectives like ensuring compliance with industry standards.
Additionally, companies grapple with managing complex security solutions (27%) and integrating multiple systems and technologies (26%). A quarter of companies also point to a lack of expertise, both among existing employees (25%) and in the external labour market (25%), underlining that human resources remains a critical constraint alongside technology and budgets.
When it comes to timelines, two thirds of companies (66%) expect to build their SOC within 6-12 months, while more than one quarter (26%) anticipate longer projects lasting up to two years. Despite operating more complex environments, large companies are more likely than mid-sized organisations to prioritise faster SOC deployment. In practice, this often means launching an SOC for critical segments first and then expanding coverage across the infrastructure in stages.
According to the study, planned spending strongly correlates with company size and the level of SOC outsourcing: smaller companies tend to focus on more modest investments, whereas large organisations are far more likely to plan costly SOC projects, reflecting broader infrastructure coverage and higher operational demands.
“The budget required to establish an SOC can vary widely. The initial investment primarily covers licenses and hardware, with costs heavily influenced by the scale of the infrastructure and the chosen product suite. It’s important to view this as a capital expenditure phase. Subsequently, substantial operational costs – particularly personnel salaries – will shape the overall total cost of ownership. To ensure that these investments are effective and aligned with organisational needs, it is crucial to develop a strategic plan that clearly defines objectives, processes, and milestones from the beginning. This approach helps build a resilient cybersecurity posture,” says Roman Nazarov, Head of SOC Consulting at Kaspersky.
Comprehensive consulting services help companies build a robust SOC and streamline its processes. Engage with a service like Kaspersky SOC Consulting during the initial setup or when enhancing your existing security operations. If you lack dedicated personnel to perform key SOC functions, use services like Kaspersky Managed Detection and Response and Kaspersky Incident Response that cover the entire incident management cycle – from threat identification to continuous protection and remediation. They help to protect against evasive cyberattacks, investigate incidents and get additional expertise.

