Almost all the companies planning to create a Security Operations Center (SOC) view Artificial Intelligence as a core component. However, despite high expectations, organizations face significant challenges when deploying and operationalizing AI effectively. Chief among them are the lack of high-quality training data, the shortage of professionals with AI expertise, the high integration costs, and the emergence of new threats related to the use of this technology.
To analyze how companies build and maintain processes within SOCs, Kaspersky conducted a global study that highlights, among other things, the priorities, expectations, and challenges associated with using AI to improve SOC performance. The results show that 98% of respondents in Spain plan to incorporate AI into their security operations. Of them, more than half (53%) say they will probably do so, while another 45% assert they will do so with total certainty. This reflects the widespread view of AI as a key driver for improved threat detection, faster investigation processes, and increased overall SOC efficiency.
Regarding practical use cases, Spanish organizations mainly expect AI to strengthen threat-detection capabilities through automated data analysis to identify anomalies and suspicious activity (59%), as well as to facilitate automated response by enabling rapid execution of predefined incident response playbooks (37%). These expectations relate to the main motivations for adopting AI in SOCs: improving overall threat-detection effectiveness (42%), automating routine tasks (40%), and increasing accuracy by reducing false positives (40%). Large enterprises consistently indicate broader, more ambitious plans to apply AI across multiple SOC functions.
Nevertheless, there is a clear gap between strategy and execution in AI implementation, marked by several critical and widespread challenges. The primary one is the lack of high-quality training data, cited by 29% of organizations in Spain as a fundamental obstacle that limits the accuracy and relevance of AI models. Added to this are other key concerns: the shortage of qualified AI experts within internal teams (32%), the emergence of new AI-related threats and vulnerabilities (29%), and the high development and maintenance costs of AI-based solutions (25%). Taken together, these factors hinder organizations from turning their AI strategy into operational success, underscoring the need for a structured and well-supported approach.
“Organizations clearly recognize the value AI can bring to SOCs, but the transition from experimentation to real operational impact remains complex. Given the cybersecurity talent shortage, and with AI talent even more limited, introducing internal AI capabilities into a SOC remains a highly desired but hard-to-reach goal. That is why cybersecurity companies are investing in AI-powered capabilities within their flagship products. Over the past year, Kaspersky has rolled out a comprehensive set of AI-powered tools in its B2B portfolio to meet the growing demand for timely detection of more advanced threats, while also improving the efficiency and usability of its solutions,” says Anton Ivanov, Chief Technology Officer at Kaspersky.
