Almost all companies planning to establish a Security Operations Center (SOC) regard artificial intelligence (AI) as a must-have component. However, despite high expectations, organizations face significant challenges in deploying and operationalizing AI effectively. These include a lack of high-quality training data, a shortage of AI-skilled personnel, substantial integration costs and emerging AI-related threats
To explore how companies build and maintain processes in SOCs, Kaspersky conducted a comprehensive global study which highlights, among other things, priorities, expectations and challenges associated with leveraging AI to elevate SOC performance[1]. The findings reveal that an overwhelming 99% of respondents plan to incorporate AI into their security operations. Among them, nearly two-thirds (67%) say they will probably do so and nearly one-third (32%) state they will definitely do so. This underscores the widespread perception of AI as a vital driver for enhancing threat detection, accelerating investigation processes and boosting overall SOC efficiency.
When it comes to practical use cases, organizations primarily expect AI to strengthen threat detection capabilities through automated analysis of data to identify anomalies and suspicious activities (57%) and to facilitate response automation, enabling rapid execution of predefined incident response scenarios (49%). These expectations align closely with the top motivations driving AI adoption in SOCs: improving overall threat detection effectiveness (49%), automating routine tasks (44%) and increasing accuracy while reducing false positives (44%). Large enterprises consistently report broader and more ambitious plans for applying AI across multiple SOC functions.
However, a clear execution gap appears when it comes to AI implementation, characterized by several critical and widespread challenges. Foremost is the lack of high-quality training data, a barrier cited by 37% of organizations as a fundamental obstacle that hampers the accuracy and relevance of AI models. This issue is further compounded by other critical concerns: a shortage of qualified AI experts within internal team (32%), the emergence of new threats and vulnerabilities related to AI usage (31%) and the high costs associated with developing and maintaining AI-driven solutions (31%). Together, these factors create a barrier that prevents organizations from turning their AI strategy into operational success, underscoring the necessity for a structured and well-supported approach.
“Organizations clearly recognize the value AI can bring to SOCs but the transition from experimentation to real SOC impact still remains challenging. Given the cybersecurity talent shortages—and AI talent being scarce as well—introducing in-house AI capabilities in a SOC remains a coveted but hard-to-achieve goal. This is why cybersecurity companies are investing in AI-powered features across their leading products. Over the past year, Kaspersky has introduced a comprehensive suite of AI-powered tools across its B2B portfolio to meet the rising demand for timely detection of more advanced threats, while also making our solutions more efficient and user-friendly,” says Anton Ivanov, Chief Technology Officer at Kaspersky.
