As cyber threats grow in volume and sophistication, almost half of Indian enterprises are planning to set up dedicated Security Operations Centres (SOCs) to strengthen their cyber resilience. A new global study by Kaspersky shows that 44% of organisations in India intend to establish SOCs primarily to improve their overall cybersecurity posture, a figure slightly below the global average of 50% but still indicative of strong momentum.
The research, conducted among senior IT security leaders at companies with more than 500 employees, focused on organisations that currently do not have a SOC but plan to build one soon. Spanning 16 countries across APAC, META, LATAM, Europe, and Russia, the study sheds light on why enterprises are investing in SOCs, what capabilities they prioritise, and how they balance technology with human expertise.
Why Indian companies are building SOCs
Beyond strengthening security posture, 41% of Indian respondents cited the need to respond to increasingly sophisticated and dangerous threats as a key motivation. Globally, organisations also pointed to faster detection and response, budget optimisation, and the rapid expansion of software, endpoints, and user devices as major drivers for SOC adoption.
Interestingly, SOCs are not viewed only as a defensive necessity. One-third of global respondents said SOC capabilities could provide a competitive edge, while 40% highlighted the need for better protection of confidential information and 39% pointed to regulatory compliance. Larger enterprises tend to emphasise all these factors more strongly, reflecting the scale and complexity of their digital operations.
Always-on monitoring tops the priority list
For Indian organisations, continuous monitoring stands out as the most critical SOC function. More than half (54%) plan to prioritise 24/7 security monitoring, underscoring the importance of real-time visibility and early threat detection in an environment where attacks can happen at any moment.
The study also highlights a divergence in operating models. Companies looking to fully outsource SOC operations show greater interest in “lessons learned” methodologies, while those building in-house SOCs place more emphasis on access management to retain tighter internal control.
Technology matters, but people still decide
Despite rising interest in automation and AI-driven security, Indian enterprises continue to see skilled professionals as central to SOC effectiveness. The most commonly selected technologies—SIEM platforms (47%), XDR solutions (40%), and threat intelligence platforms (38%)—are designed to automate data collection and reduce noise, but they still depend heavily on human analysts to interpret findings and make judgement calls.
Other tools under consideration include network detection and response (33%) and managed detection and response (26%). Globally, larger enterprises deploy more tools per SOC on average than smaller ones, reflecting differences in scale and complexity.
Roman Nazarov, Head of SOC Consulting at Kaspersky, notes that technology alone is not enough. Clear processes, defined goals, and continuous improvement are essential to ensure analysts can focus on high-value tasks and keep the SOC adaptive rather than reactive.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, echoes this view in the Indian context, pointing out that rapid digitalisation, cloud adoption, and critical infrastructure expansion are reshaping the threat landscape. According to him, modern SOCs succeed not by piling on tools, but by enabling skilled professionals to contextualise intelligence and respond decisively.
The bigger picture
The findings suggest that while Indian organisations are moving steadily towards SOC adoption, they are doing so with a clear understanding that cybersecurity is as much about people as platforms. In an era of automated threats, the SOC is emerging not just as a technology hub, but as a decision-making nerve centre—where human judgement remains the final line of defence.