2022 Security Operations Study: Executive Findings

During December 2021 and January 2022, Topo.ai, LifeRaft, Constant Technologies and Regroup conducted the inaugural Security Operations Benchmark Study. 175 security operations (SecOps) professionals contributed to the study, with 84% of the participants in an executive or leadership role.

Participants provided insights into their priorities, objectives and challenges, in addition to success factors, ROI measures and technologies. The report examines the key findings of the study and identifies best in class organizational attributes that are most highly correlated with SecOps success. The findings include:

• One quarter of study participants indicate that SecOps is a critical priority for their executives. In contrast, nearly one third of executives treat SecOps as either a low priority – important only during a crisis, or a medium priority – exists primarily to satisfy compliance and regulatory requirements.
• Executive priority exhibits a strong correlation with success in SecOps. A lack of executive priority exhibits a strong correlation with limited success.
• In half of the organizations studied, SecOps is managed as a cost center. They do not measure Return on Investment (ROI).
• Organizations that do measure ROI indicate above average success in SecOps. Organizations that do not measure ROI indicate below average success.
• Opportunities for continuing improvement persist. For every challenge examined, fewer than half of the participants indicate the challenge is fully addressed.
• The most persistent challenges share a common characteristic – the SecOps team has little if any ability to directly control the challenge.
• For certain persistent challenges, security teams have found ways to overcome and succeed. But other persistent challenges are correlated with a low degree of success.
• The use of a common operating picture is equally prevalent in smaller and larger organizations.
• The use of a common operating picture correlates with higher success in SecOps while the lack of a common operating picture correlates with limited success.
• The top three features of common operating pictures indicate a strong preference for choice and flexibility in leveraging threat intelligence.
• A shift from reactive to proactive critical event management is a common aspiration. Today, only 7% of study participants describe their approach as proactive. In two years, 73% expect to be more proactive than reactive.