top of page

#Step 2: Associated $$$ of The Invisible Gorilla in your SOC

Updated: Mar 18, 2021

Authors: Ema Rimeike and Mykyla Jones

We highly recommend reading our previous blog about The Invisible Gorilla experiment and how we apply it as a metaphor to Security Services Operations efficiency. The link is here: 'Step 1: Do you have The Invisible Gorilla in your SOC?'.

Before committing to write this blog, we have dived into 'How to Measure Anything in Cyber Security' book by Hubbard and Seiersen, FAIR security framework and several third party research reports.

Our research concludes that there is no single financial expression that illustrates optimized SOC value as it varies from organization to organization. However, reports by Ponemon Institute, Accenture, Deloitte suggest that on an Operational Level, inefficient SOC may cost your business an extra $6M per annum when compared with an optimized SOC. On a Tactical Level, certain preventative actions may lead to a reduced data breach cost by $3.5M or a cost increase by nearly $2M. On a Strategical Level, an optimized SOC value starts from $1M and can quickly scale to multi-million U.S. Dollars annually taking into account improved cyber resilience and reduced SOC turnover cost.

The Perspective of Data Breach Impact to Business

The costs stemming from a cyberattack can vary tremendously, but are inarguably significant. Recent studies have shown that the average cost of a data breach to Small Business can range from $120,000 to $1.24M. On an industry level, the average data breach cost may differ 7x if we compare Public sector with Healthcare. The greater the scale of the breach, the deeper it will hit the organization's pockets, as illustrated in below image.

Source: Quantum Cybersecurity Skills

It is a great practice to regularly assess business risk likelihood and impact on business that is specific to your organization, however, getting the data for such calculations can be tricky. The key is not only to budget annual data breach cost or downtime cost which is said to vary between $300k p/hour (Gartner) to $540k p/hour (Avaya), but to look at the post-breach impact to business (Deloitte). Equifax breach dating back to 2017 is great illustration of a post-breach cost existence. Their initial data breach bill was estimated at ca. $380 M while the final bill is said to have reached nearly $ 1.4 B.

In order to help reduce business risks, organizations rely on their SecOps/SOC services. Ponemon Institute study found that 73% of respondents place their SOCs as crucial elements within their cybersecurity strategy.

Are you taking a full advantage of your SecOps? How can you measure SOC optimization (efficiency, maturity, sustainability) value to your business?

SOC Optimization Value at Operational Level

According to Accenture Cybersecurity Report 2020, optimized SOC is more than 3x more cost effective when it comes to an average cost per attack per incident. It also highlights that an optimized SOC find more breaches compared to a non-optimized SOC. They also identify breaches faster, stop more attacks and fix breaches faster.

Source: Quantum Cybersecurity Skills

The operational speed and efficiency is not just pretty numbers, however, they directly affect SecOps annual budget bottom line and can be directly linked to cyber resiliency. Companies able to detect and contain a breach in under 200 days spent on average $1.1 million less (Source: CSOonline). In the sample above, the calculation suggests that SecOps inefficiency could cost the organization $6M p/annum.

SOC Optimization Value at Tactical Level

Ponemon Global Cost of Data Breach Study 2020 suggests how data breach cost could be manipulated based on the tactics your organization has chosen.

Source: Quantum Cybersecurity Skills based on Ponemon Global Cost of Data Breach Study 2020

Another angle of tactics could be SecOps processes. High performers can improve the pain of working in a SOC by nearly 30% through simplifying the processes (Source: Ponemon Institute).

And how about inter-departmental collaboration to achieve Integrated Operations Defense? Can the price tag be put there? Yes, it can. Organizations best at collaborating are 2X better than the rest at defending attacks, better protect their ecosystems and benefit from improved alignment with regulatory requirements (Source: Accenture). According to market research firm IDC, companies lose 20-30% in revenue every year due to inefficiencies.

SOC Optimization Value at Strategic Level

Two most important factors in any cybersecurity program are trust and people. Trust underpins all the decisions executives make about tools, talent, and processes (Source: McKinsey). People are beyond strategy, tactics and technology. Optimized SOCs who have managed to achieve a higher maturity level are acting as internal Trusted Security Partner to the Board. One of such benefits to the business is that strategically operating SOC is capable of capturing early business risks indicators for an improved decision making at the Board level.

Recently, Ponemon Institute has conducted an annual Security Operations Center Performance Report. It found that 78% of the respondents said working in a SOC is harmful to their mental health. Additionally, 60% say the stress of working in the SOC has caused them to consider changing careers or leaving their jobs. 69% said it is very likely or likely that experienced security analysts would quit the SOC. Optimized SOCs are 40% better at handling this challenge and thus reducing SOC turnover cost to the employer.

Source: Quantum Cybersecurity Skills

The above sample illustrates SOC optimization value difference between optimized SOC and non-optimized SOC in terms of avoiding annual SOC turnover costs. It starts from nearly $300k/annum and can quickly double if we take into account that the Employer's turnover cost could be at 213% which includes shadowing the vacant position, finding new talent, onboarding and training them until they are ramped up at full speed.

Let's touch briefly how optimized SOCs help reduce business risk.

Source: Quantum Cybersecurity Skills

The calculation above illustrates that an optimized SOC is better at reducing the likelihood of data breach happening on an annual basis thus significantly reducing business risk and potential losses associated with it. In this sample, we can clearly see that the SOC service value to the business delivered by an optimized SOC quickly scales into multimillion US Dollar value compared to non-Optimized SOC service value.

Optimized SOCs are more cyber resilient. They invest in operational speed, they drive value from new investments and they sustain what they have (Source: Accenture). One of the ways to achieve cyber resilience is through training of SOC analysts which is ranked as one of the most important SOC activities. The organizations who focus on training are 2X better than the rest at defending attacks, faster at discovering and fixing breaches (Source: Accenture).


To be effective, you need to mature your SOC not only at Operational Level, but build a maturity roadmap of scaling, sustaining and increasing SOC efficiency at Tactical and Strategical Levels. When we speak with customers, they usually have a good idea where they want to be, however, 'Where Are We Now?' versus 'How Do We Get There?' is often a challenge - that's exactly our bread and butter! We praise ourselves for the focus we put into not only pragmatically justified SOC optimization success recipes, but also scientifically justified SOC optimization methodologies. And we keep it fresh and relevant for you!

Email us: info (at) QuantumCybersecuritySkills (dot) com

We also recommend watching our webinar on 'Business Risks Posed by NON-Optimized SOC'

#SOCoptimization #SOCmaturity #SOCscalability #SecOps #SOCsuperposition #InfoSec #SOCsustainability

Our approach is to focus on optimizing Security Services Operations / Security Operations Centers (SOCs) and deliver it through people, processes and technology to address business needs. Reach out to us:

E: W:

T: @SOCoptimization L:

155 views0 comments
bottom of page