How are organizations using AI and automation in their security operations centers (SOCs) in 2024?

We reviewed thousands of cybersecurity statistics from 2024 to find out.

Long story short: Most companies appear to be integrating AI across key security functions like prevention, detection, investigation, and response. The benefits of doing so are massive (e.g., improved threat identification, reduced operational workloads, and accelerated breach containment). But the risks of AI are not to be underestimated, either.

AI in the SOC

Organizations are deploying AI in their SOCs

  • 2 out of 3 organizations deploy security AI and automation across their security operations center, a 10% jump from the year before. (IBM)
  • 27% of organizations use AI and automation across 4 security categories: prevention, detection, investigation and response. (IBM)
  • Among organizations that stated they use AI and automation extensively, 27% used it for prevention, investigation and response, and 24% used it for detection. (IBM)
  • 44% of security executives cite AI as among their three main initiatives in 2024, surpassing cloud security at 35% and security analytics at 20%. (Splunk
  • Leading organizations are more likely to innovate with AI, with 48% declaring it as a top initiative, compared to 30% of their less mature peers. (Splunk

... with security tools are also increasingly utilizing AI

  • 100% of enterprises reported an improvement across their security stack since deploying AI. (Netacea)
  • 100% of enterprises have incorporated AI within their security stack to some degree. (Netacea)
  • 62% of enterprises said their DDoS protection solution utilises AI. (Netacea)
  • 53% of enterprises said their WAF solutions utilize AI. (Netacea)
  • 43% of enterprises said their API security solutions utilize AI. (Netacea)
  • 33% of enterprises said their bot management solutions utilize AI. (Netacea)
  • 90% of CISOs said they are confident in the defensive AI capabilities of perimeter defenses such as WAF, DDoS and API security. (Netacea)
  • 73% of security executives say tools with traditional AI and ML capabilities can generate false positives, and 91% say they require tuning. (Splunk)  

Many think AI will be able to help their security in some way 

  • Among the technical and business professionals surveyed 53% believe they can use AI for monitoring network traffic and detecting malware, 50% for analyzing user behavior patterns, 48% for automating response to cybersecurity incidents, 45% for generating tests of cybersecurity defenses, 45% for automating configuration of cybersecurity infrastructure, and 45% for predicting areas where future breaches may occur. (CompTIA)