Splunk's State of Security 2025 global report has uncovered mounting challenges faced by security operations centres (SOCs).
Forty-six percent of respondents said they spend more time maintaining tools than defending the organisation, while only 11% trust AI completely for mission-critical tasks. Furthermore, 66% experienced a data breach in the past year, making it the most common security incident.
With new threats such as AI-powered attacks, organisations must be fully prepared and confident in protecting themselves and their customers, Splunk said. A unified SOC that combines human expertise with AI advancements could address the challenges, the observability specialist said.
“Organisations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don’t see AI taking complete oversight of the SOC – for good reason,” said Michael Fanning, CISO at Splunk.
“Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organisation.”
Several themes surfaced in the research:
Security teams plagued by technological inefficiencies while external threats increase
When SOC workflows aren’t operating at their peak, it creates major barriers to effective threat detection and response. The report highlighted areas of inefficiencies that create risk for organisations:
- Nearly six in 10 (59%) say tool maintenance is the main source of inefficiency
- Roughly eight in 10 (78%) say their security tools are dispersed and disconnected
- Approximately seven in 10 (69%) say disconnected and dispersed tools create moderate to significant challenges
Tool maintenance, data silos, and alert fatigue drain valuable time and impact an analyst’s ability to respond quickly and decisively:
- Fifty-seven percent report losing valuable investigation time to data management gaps
- Nearly six in 10 (59%) have too many alerts
- Fifty-five percent have to address too many false positives
SOC analysts are overworked and understaffed
Beyond operational hurdles, the report shed light on the pressure on SOC analysts. High stress levels, chronic understaffing, and burnout are taking a toll and put talent retention and long-term team stability at risk:
- Five in 10 (52%) say their team is overworked
- Another five in 10 (52%) say stress on the job has prompted them to think about leaving cybersecurity altogether
- Four in 10 (43%) face unrealistic expectations by leadership
Generative AI in the SOC is paying long-term dividends for organisations
Organisations see how AI can alleviate operational and staff shortage problems, as 59% have moderately or significantly boosted their efficiency with AI. Over half (56%) have prioritised the application of AI to security workflows this year, while one in three (33%) plan to fill skills gaps with AI and automation.
Compared to publicly available tools, 63% agree that domain-specific AI significantly or extremely enhances security operations. However, AI is not running solo as organisations keep humans in the loop to deliver trustworthy AI outcomes.
The top three tasks that GenAI is helping with across SOCs were:
- Threat intelligence analysis (33%)
- Querying security data (31%)
- Writing/editing security policies (29%)
A unified approach accelerates operations
Minimising tool maintenance is just the starting point for the benefits of a unified security platform. Adopting a unified approach for threat detection and response leads to tighter collaboration, bringing more context and speed to investigations. Sharing information across security and observability isn't fully embraced yet, but those who have made the leap report noteworthy advantages.
Specifically, 78% of respondents cited faster incident detection, and 66% noted quicker remediation as moderate to transformative benefits.
The research also found that Singapore’s security operations centres made a pivot in AI trust over the past year. Regulatory and organisational drivers behind Singapore’s AI adoption included:
- Early adoption of governance frameworks (e.g., IMDA’s Model AI Governance Framework, and MAS' AI and Data Analytics Guidelines) and upskilling initiatives (e.g., SkillsFuture AI programmes) have fostered trust in AI.
- Real-world AI use cases are boosting SOC efficiency, from automated log triage to generative AI-assisted detection engineering. Technical practices like detection as code (DAC; 57% of Singaporean SOCs have DAC capabilities) and unified security platforms (62% faster incident response) contribute.
Explore
Read the 2025 State of Security Report at https://www.splunk.com/en_us/form/state-of-security.html
*In collaboration with Oxford Economics, researchers surveyed 2,058 security leaders (including Directors of Security, VPs of Cybersecurity, Directors of Security Operations, and Security Analysts) October 2024 through December 2024.
Respondents were in Australia, France, Germany, India, Japan, New Zealand, Singapore, UK and the US. They also represented 16 industries: Business services, construction and engineering, consumer packaged goods, education, financial services, government (federal/national, state, and local), healthcare, life sciences, manufacturing, technology, media, oil/gas, retail/wholesale, telecom, transportation/logistics, and utilities.