With 71% of cyber professionals reporting increased threats since the COVID-19 pandemic started, are SOCs prepared to mitigate these threats? The Exabeam 2020 State of the SOC report revealed 40% of companies reported being understaffed, which puts additional strain on security teams and makes their jobs much more challenging.
In this post, we’ll share insights from Exabeam’s latest survey of 1,005 U.S. and U.K. cybersecurity professionals who manage and operate SOCs. Our study included CIOs (50%) and security analysts and practitioners from companies across 12 different industries. Employee size ran the gamut, although the majority (53%) had between 100-249 security professionals.
In our survey, we asked respondents about:
- Staff redundancies
- Finance and budget
- Cyberattacks and implications
- Challenges working remotely
Key Takeaway: The results of our survey paint a striking picture of SOC organizations trying to manage more significant security threats with fewer resources.
Despite increasing cyber threats, furloughs are common
Unfortunately, despite the increase in cyber threats, our survey found three-quarters of organizations had to furlough members of the SOC team. About 50% had to furlough 1-2 employees. U.S. organizations furloughed fewer SOC employees than their U.K. counterparts.
Figure 1: Seventy-five percent of organizations had to furlough SOC staff.
SOC teams are negatively impacted by redundancies
Overall, 68% of companies report having laid off staff members. The majority laid off 1-3 employees. U.S. SOCs had fewer layoffs than U.K. SOCs.
Figure 2: Almost 30% of companies laid off two staff members from their security teams.
Hiring is deferred for many companies
Given the furlough and redundancy findings, it’s no surprise that 57% of the companies had to defer hiring since the start of the COVID-19 pandemic. A higher percentage of U.S. companies (71%) delayed hiring compared to the U.K., where 42% deferred.
Figure 3: Fifty-seven percent of organizations had to defer hiring.
Security technology investments are also deferred
The COVID-19 pandemic has not only harmed people but also forced 60% of companies to defer previously planned investments in security technology. The U.S. had a higher deferment rate of 68% compared to the U.K. rate of 51%.
Figure 4: Nearly sixty percent of organizations had to defer investments in security technology previously planned.
More companies report seeing an increase in cyberattacks
Unfortunately, only 18% of companies overall had not seen an increase in the number of cyberattacks since the beginning of the COVID-19 pandemic. Eighty-eight percent of U.S. companies reported seeing slightly more or considerably more attacks, compared to 74% of U.K. organizations.
Figure 5: Eighteen percent of organizations reported not having an increase in the number of cyberattacks since the beginning of COVID-19.
Working remotely introduces new challenges
Remote work has presented challenges for many SOC staff members. No doubt reduced staff numbers made their jobs even more difficult. Respondents cited communications within their security team as the most significant challenge in mitigating threats while working remotely, followed by communications with other IT departments. Twenty-nine percent reported difficulty investigating attacks. There was little significant variance in problems between U.S. and U.K. companies, although a higher percentage of U.S. companies (40%) had more difficulty communicating with other IT teams, compared to 22% in the U.K.
Figure 6: Twenty-nine percent of organizations reported difficulty investigating attacks.
Distractions at home lead to mistakes
The shift to WFH has harmed many employees’ mental states and their ability to do their jobs. Some of the biggest challenges of working remotely included being more prone to making mistakes due to distractions in the house (49%), increased blurring of the line between personal and operated computers and data (42%), and learning new tools (39%).
Figure 7: Forty-nine percent of security professionals were prone to making mistakes due to distractions in the home.
Most companies continue to use/invest in automation tools
With fewer SOC staff, automation tools are essential in mitigating security threats. Only 17% of companies decreased their use/investment in automation tools. Fifty-two percent reported neither increasing nor decreasing their use or investment. Only 8% of U.S. organizations reduced their use/investment, compared to 26% of U.K. organizations.
Figure 8: Seventeen percent of companies decreased their use/investment in automation tools.
Most organizations have experienced a successful cyberattack since the pandemic started
Thirty-three percent of companies overall reported encountering a successful cyberattack since the beginning of the pandemic. There were no significant variances between U.S. and U.K. companies.
Figure 9: Thirty-three percent of companies reported experiencing a successful cyberattack since the beginning of the COVID-19 pandemic.
Mitigation and legal costs are the top consequence of cyberattacks
Companies reported several consequences of successful cyberattacks. The most common effect was mitigation and legal costs (44%), followed by loss of business revenue (41%) and a negative impact on brand reputation (41%).
Figure 10: Forty-four percent of companies reported mitigation and legal costs were a consequence of successful cyberattacks.
Cyberattacks have broad-reaching financial implications
Considering many organizations are seeing a financial impact due to the pandemic, the additional cost of a cyberattack could not come at a worse time. Regarding lost business revenue, our survey found that in the U.S., 35% lost between $38K-63K, and 14% reached losses of $63K-95K; in the U.K., 40% lost between £30K-50K. In terms of the financial impact on a brand, in the U.K., 43% saw between £30K-50K in losses; in the U.S., 38% reported between $38K-63K in losses. Also, 7.5% in each region lost between £50K-75K or $63K-95K.
Concerning the financial impact of legal and mitigation costs, in the U.K., 33% spent between £20K-40K; in the U.S., approximately 30% spent between $38K-63K, and for 11% the costs hit the $63K-95K range.
Most companies experienced downtime since the beginning of COVID-19
Since the beginning of the COVID-19 pandemic, 97% of companies experienced downtime of between 1-4 hours. Fortunately, only 3% reported downtime longer than four hours.
Figure 11: Only 3% of companies experienced downtime greater than four hours.
Actionable insights for SOCs
The findings from our survey clearly show many SOCs have to manage a much more significant number of cyber threats with a leaner staff. Exabeam is committed to helping you and your SOC get through the COVID pandemic. Here are a few resources to help: