Many Organizations Don't Have a Security Operations Center
Even though Security Operation Centers (SOCs) are increasingly common, 48 percent of organizations don’t have one.
According to EY's 20th Global Information Security Survey, 2017–18, "This does not mean the SOC has to build capability for every possible aspect of cybersecurity strategy and leading practice," the survey said. "Many organizations choose to outsource some activities,rather than leaving them with the in-house SOC; 41% of survey respondents outsource penetration testing, for example, while 37% outsource real-time network monitoring. However, the SOC must have the means to ensure it is able to stay on top of the latest threats: open-source and paid-for resources may provide valuable intelligence and 36% of survey respondents point out their SOC collaborates and shares data with industry peers."