The time it takes for cybersecurity teams to detect system compromises, known as dwell time, has grown, but the majority are overconfident about their abilities, according to a report published today.

The 2020 State of the SOC Report, published today by security information and event management (SIEM) provider Exabeam, surveyed cybersecurity professionals working in security operations centres (SOCs) across Germany, Australia, Canada, the US and the UK.

It found that cybersecurity professionals generally give a positive assessment of their ability to detect threats, with 82% saying they were confident about the matter.

However, research from CrowdStrike has shown that dwell time grew by an average of 10 days between 2018 and 2019 – during which cybercriminals could enact considerable harm.

“From 2018-2019, we learned that dwell time – or, the time between when a compromise first occurs and when it is first detected – has grown,” said Steve Moore, chief security strategist at Exabeam.

“Based on this, it is surprising for SOCs to report such inflated confidence in detecting cyberthreats.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Why the perceptions of cybersecurity teams matters

While this may not seem like a huge concern for businesses, it matters because many businesses will use the self-assessment of cybersecurity teams to inform decisions about cybersecurity funding and related operational choices.

And while many working in the field may feel that their employers often don’t listen to them, there are signs that this is not the case.

“We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more,” said Moore.

“However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.”

The report also found differences in priorities between analysts and cybersecurity teams. While the former currently see distributed denial of service (DDoS) attacks and ransomware as the biggest concern, those leading SOCs consider phishing attacks and supply chain vulnerabilities to be a greater priority.


Read more: Amnesty International: “Coordinated” spyware operation targets human rights activists in India