Kaspersky highlights key pitfalls and bottlenecks in building Security Operations Centres (SOC) for APAC organisations
Organisations that reach a measurable level of size and influence, as well as those that operate in high-risk digital environments such as financial institutions and government-linked organisations, will inevitably encounter heightened cybersecurity risks. Rather than relying on piecemeal efforts, organisations ideally need to establish a Security Operations Centre (SOC), though that is easier said than done.
While the need to establish an SOC is critical, the burning question for many CTOs and organisations is just what is needed to get one up and running without going over budget, while retaining the flexibility and capabilities required to stay ahead of emerging cyberthreats.

Source: Kaspersky
Based on Kaspersky’s global study, many organisations are planning to establish a SOC to improve their overall security posture but often encounter multiple challenges. Here are the key insights and challenges that Kaspersky’s research has uncovered on organisations in the APAC region that are considering or are in the midst of establishing a Security Operations Centre (SOC).
Establishing Security Operations Centres (SOCs) – Key APAC Insights
According to Kaspersky, the average planned budget to set up an SOC globally is approximately 2 million USD, though what gets issued varies significantly. In the Asia Pacific (APAC) region, 93% of organisations typically plan for a budget below 1 million USD, with the remainder issued anything from more than 1 million USD all the way to 5 million USD.
This expenditure is typically pegged to company size and the level of SOC outsourcing. Larger organisations usually look to establish higher-level SOC projects, while smaller organisations, by dint of having fewer resources, end up establishing more modest SOC projects with what they have.
“The budget required to establish an SOC can vary widely, such that any figure can be considered realistic. The initial investment primarily covers licenses and hardware, with costs heavily influenced by the scale of the infrastructure and the chosen product suite. It’s important to view this as a capital expenditure phase. Subsequently, substantial operational costs – particularly personnel salaries – will shape the overall total cost of ownership. To ensure that these investments are effective and aligned with organisational needs, it is crucial to develop a strategic plan that clearly defines objectives, processes, and milestones from the beginning. This approach helps maximise the return on investment and builds a resilient cybersecurity posture,” says Roman Nazarov, Head of SOC Consulting at Kaspersky.
Further scrutiny also revealed a few interesting differences, with organisations in Vietnam and China notably willing to invest more than the global market average of 1 million USD for SOC capabilities.
Money is one thing, but getting an SOC up and running still takes time, and how much is contingent on a host of factors. In APAC, 69% of companies are looking to establish their SOC within 6-12 months, while 25% had more conservative estimates of up to two years to establish their SOC.
While logic would imply that larger companies would take more time to establish SOCs owing to more complex operating environments, they are also far more likely to prioritise SOC deployment, with a SOC initially focused on critical segments before expanding to cover other company assets in stages.
Even with funding and time, other challenges gum up the works and bottleneck SOC deployment. Many organisations (30%) found integrating multiple solutions and systems a challenge.
Further, nearly 1 in every 3 APAC organisations cite a lack of expertise among existing employees (29%) and even in the external labour market (24%). Other challenges include managing complex security solutions (29%), the lack of a clear action plan (26%) and difficulties in establishing internal processes (26%).
“Based on our research results for APAC, it is clear that the conversation around SOCs has shifted from ‘how do we build one?’ to ‘how do we prove it truly delivers value?’ The challenge in establishing SOC here is not just budget or technology in isolation, it is complexity,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
“Leaders are under pressure to justify investment with measurable outcomes, integrate multiple security layers into a coherent operation, and build processes that can actually scale. At the same time, the talent gap remains a structural constraint, making operational excellence harder to achieve than strategic intent. For APAC businesses operating in high-growth, high-risk digital environments, the real differentiator will be discipline: clear metrics, integrated architecture, and the right mix of expertise to turn security operations into a strategic advantage rather than a cost center,” adds Hia.
To meet the needs of organisations of various capabilities, sizes and budgets, Kaspersky offers a full-spectrum suite of solutions in its line-up that includes Kaspersky SOC Consulting for initial setup or enhancing existing operations, Kaspersky SIEM that offers actionable threat intelligence, Kaspersky Next solutions for protection against a wide range of threats and Kaspersky Threat Intelligence for timely intelligence and identification of cyber risks.
For those who lack dedicated personnel to perform key Security Operations Centre functions, Kaspersky Managed Detection and Response as well as Kaspersky Incident Response solutions are able to cover and support the complete incident management cycle.
