Greater Noida: Most companies choose to outsource at least part of their Security Operations Center (SOC), with a significant number adopting SOC-as-a-Service (SOCaaS), according to research by Kaspersky. This strategic move enables organizations to benefit from round-the-clock protection, ensure compliance with regulatory standards and leverage advanced cybersecurity solutions and qualified expertise that are often beyond their internal capabilities.
As cyberthreats become increasingly sophisticated, organizations are rethinking how they build and operate their Security Operations Centers. With this in mind, Kaspersky carried out a comprehensive global survey to identify the main motivations, strategic goals, and potential challenges associated with SOC planning and implementation. The findings of this research revealed that 81% of companies plan to outsource part of their SOC, combining internal capabilities with external expertise. Meanwhile, over a quarter of respondents (11%) are ready to fully implement a SOC-as-a-Service (SOCaaS) model. By contrast, only 8% plan to build their SOC entirely in-house, highlighting the growing challenges of maintaining round-the-clock monitoring and attracting qualified specialists.
The survey involved senior IT security professionals, managers, and directors from organizations with 500 or more employees, and focused on companies that do not yet have a Security Operations Center (SOC) but plan to establish one in the near future. The respondents in this study come from 16 countries, including Germany, Spain, Italy, Brazil, Mexico, Colombia, Singapore, Vietnam, China, India, Indonesia, Saudi Arabia, Turkey, Egypt, the United Arab Emirates, and Russia.

SOC outsourcing enables organizations to delegate selected SOC functions or even the entire operational cycle to a trusted external provider. This approach can include a variety of services:
- Design and architecture of the SOC
- Deployment and maintenance of SOC technologies
- Monitoring and analysis by external security analysts
- Consulting and training services
- Full SOCaaS delivery, where the provider handles detection, investigation and response around the clock.
Most companies prefer maintaining strategic tasks internally, whilst leveraging external teams and advanced technologies for operational and highly technical workloads. Among organizations planning to outsource SOC functions, the tasks most commonly delegated to third-party providers included solution installation and deployment (40%), solution development and provisioning (44%), and SOC design (42%).

When engaging external SOC specialists, companies also showed a clear preference for augmenting specific roles, with first-line analysts (89%) and second-line analysts (63%) being the most in-demand among external specialists. These figures illustrate that companies focus more on frontline and intermediate security tasks, such as monitoring and responding to threats.

Why do organizations choose SOC outsourcing?
The primary drivers behind SOC outsourcing are operational rather than financial. The need for continuous, 24/7 security coverage remains a major factor, cited by 51% of organizations, as many internal teams struggle to sustain round-the-clock monitoring. Even more significant is the pressure on internal IT security staff, with 57% of companies outsourcing to reduce workload and allow in-house teams to focus on higher-value, strategic initiatives.
Access to advanced security technologies and expertise also plays a key role, with 22% of organizations highlighting the importance of sophisticated tools such as XDR, MDR, and MXDR, while 36% point to the need for external support in meeting regulatory and compliance requirements. Notably, cost optimization ranks lower on the list, mentioned by just 20% of respondents, reinforcing that the real value of SOC outsourcing lies in stronger security posture and improved operational efficiency rather than cost savings alone.

“The trend towards outsourcing SOC functions, whether fully or partially, is primarily driven by the necessity for enhanced operational focus and strategic agility. By shifting routine and technical tasks externally, organizations are able to concentrate on high-value activities such as strategic decision-making and orchestrating responses to sophisticated threats. Moreover, this approach often results in considerable cost efficiencies, allowing for optimized resource allocation. Ultimately, this model transforms the SOC into a critical strategic capability, directly contributing to business continuity,” comments Sergey Soldatov, Head of Security Operations Center at Kaspersky.
Adding to that, Adrian Hia, Managing Director for Asia Pacific at Kaspersky, says, “Across APAC, organisations from different industries are shifting away from debates about whether cybersecurity matters to a more practical question: how SOC teams and intelligence can remain effective over time amid growing operational and regulatory demands. As digital dependence and regulatory expectations increase, leaders are recognising that resilience depends on how expertise and responsibility are structured, not just where systems sit.”







