About half of large companies worldwide plan to set up a Security Operations Center (SOC) mainly to strengthen their cybersecurity, according to a new global study by cybersecurity company Kaspersky. The research shows that while automation is growing, companies still rely heavily on human experts to make key security decisions.
SOC is a dedicated team that monitors a company’s IT systems around the clock to detect, analyze, and respond to cyber threats. Kaspersky surveyed senior IT security specialists, managers, and directors from companies with at least 500 employees. All respondents did not yet have a SOC but said they plan to establish one soon. The study covered organizations across 16 countries in Asia-Pacific, the Middle East, Africa, Latin America, Europe, and Russia.
The study found that 50% of companies plan to build a SOC to improve their overall cybersecurity, while 45% cited the need to respond to more advanced and dangerous cyber threats. Other reasons include the need for faster detection and response, budget efficiency, and the growing number of software tools, devices, and users. These factors were mentioned by 41% of respondents.
Protection of sensitive information was cited by 40% of companies, while 39% said meeting regulatory requirements was also a driver. About one-third, or 33%, said having a SOC could give them a competitive edge. Larger companies were more likely to cite all of these reasons, showing higher operational and compliance pressures.
Among planned SOC functions, 24/7 security monitoring ranked highest at 54%. This allows companies to detect suspicious activity early and respond before incidents escalate.
The study also showed different priorities depending on the SOC model. Companies planning to fully outsource SOC operations showed more interest in applying “lessons learned” practices, while those building in-house SOCs focused more on access management.
Despite using advanced tools, human expertise remains important. The most common technologies include Threat Intelligence Platforms, Endpoint Detection and Response, and Security Information and Event Management systems. These tools support analysts but still depend on human judgment.
“To successfully build a SOC, companies must focus not only on technology but also on clear goals, processes, and resource planning,” Roman Nazarov, head of SOC consulting at Kaspersky, said. “This helps analysts focus on critical tasks and makes the SOC more effective over time.”