
Among the primary reasons for establishing a Security Operations Center (SOC) are strengthening cybersecurity posture, enabling faster detection and response and gaining a competitive edge. Interestingly, despite the increasing demand for automated cybersecurity solutions, businesses rely on skilled security professionals to make key decisions, as human expertise remains essential for effective security management.
A Security Operations Center (SOC) is a dedicated organizational unit responsible for continuous monitoring and safeguarding of a company's IT infrastructure. Its core mission is to proactively detect, analyze and respond to cybersecurity threats. To identify the main drivers, strategic priorities, and potential challenges in SOC planning and implementation, Kaspersky has conducted a comprehensive global study involving senior IT security specialists, managers and directors from companies with 500 or more employees. All participants operate without a SOC but have plans to establish one in the near future. The study spans 16 countries across APAC, META, LATAM, Europe, and Russia, including the Middle East, providing valuable insights into the emerging trends and best practices in SOC development worldwide.
The findings of the research reveal that 48% of companies in the Middle East intend to establish SOCs to strengthen their cybersecurity posture, and 41% are motivated by the need to address increasingly sophisticated and dangerous threats. Other drivers include budget optimization (45%), the necessity for faster detection and response (40%), and the expansion of software, endpoints and user devices (44%) - factors that demand more comprehensive and layered security measures. Additionally, 38% seek better protection of confidential information, 39% aim to meet regulatory requirements and 34% expect SOC capabilities to provide a competitive edge. Larger enterprises tend to cite each of these reasons more often, reflecting the broader operational and regulatory pressures they experience.
Continuous monitoring becomes the leading SOC requirement
Among the key functions organizations in the Middle East plan to delegate, 24/7 security monitoring leads at 56%. This around-the-clock vigilance enables early detection of anomalies, prevents escalation and sustains cyber resilience in real time. This demand highlights a strategic requirement for proactive risk management, as organizations aim to defend against persistent threats that can strike at any moment.
Companies intending to fully outsource SOC operations show a stronger interest in applying “lessons learned” methodologies, whereas those developing internal SOCs focus more on access management to maintain tighter control.
Human expertise drives SOC technology choices
While SOCs use advanced technology, the choices made by organizations in the Middle East show that human analysts are very important. Among the solutions that organizations plan to include in their SOCs are Threat Intelligence Platforms (49%), Endpoint Detection and Response (30%) and Security Information and Event Management systems (42%). These are sophisticated solutions that automate data collection and reduce operational load; however, they depend heavily on skilled security professionals who provide critical context, interpret complex findings and make the final decisions when guiding appropriate responses.
Other solutions chosen include Extended Detection and Response (35%), Network Detection and Response (41%) and Managed Detection and Response (35%). Large enterprises tend to adopt more technologies (5.5 per SOC on average), while smaller ones integrate fewer (3.8).
"To successfully build a SOC, companies must prioritize not only the right mix of technology but also the careful planning of processes, clear goal-setting and effective resource distribution. Well-defined workflows and continuous improvement are essential to ensure that human analysts can focus on critical tasks, making the SOC a proactive and adaptable component of their cybersecurity strategy," comments Roman Nazarov, Head of SOC Consulting at Kaspersky.