* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* The 2020 State of Securit...

# The 2020 State of Security Operations: Assessing Analyst Burnout

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fsecops-analyst-burnout%2F)  
[](https://twitter.com/share?text=The+2020+State+of+Security+Operations%3A+Assessing+Analyst+Burnout&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fsecops-analyst-burnout%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fsecops-analyst-burnout%2F&title=The+2020+State+of+Security+Operations%3A+Assessing+Analyst+Burnout&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/09/secops-analyst-burnout/&ts=markdown)  
\[\](mailto:?subject=The 2020 State of Security Operations: Assessing Analyst Burnout)  
Link copied  
By [Mark Brozek](https://www.paloaltonetworks.com/blog/author/mark-brozek/?ts=markdown "Posts by Mark Brozek")  
Sep 30, 2020  
5 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)  
[Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)  
[Forrester](https://www.paloaltonetworks.com/blog/tag/forrester/?ts=markdown)  
[security operations](https://www.paloaltonetworks.com/blog/tag/security-operations/?ts=markdown)  
[StateofSecOps](https://www.paloaltonetworks.com/blog/tag/stateofsecops/?ts=markdown)  
[trends](https://www.paloaltonetworks.com/blog/tag/trends/?ts=markdown)

*This is the second blog in our* [*State of SecOps* *series*](https://www.paloaltonetworks.com/blog/tag/stateofsecops/)*discussing critical insights from The 2020 State of Security Operations report from Forrester Consulting. In this blog, we'll take a deeper dive into the top challenges facing today's security operations center (SOC), including analyst burnout.*

87% percent of today's decision makers are extremely concerned about external cyber attacks targeting their organization according to [The 2020 State of Security Operations](http://start.paloaltonetworks.com/forrester-2020-state-of-secops.html) study by Forrester Consulting. And they likely should be, given the study's finding that:

* 79% of respondents have experienced a cyber breach within the past year, and 50% in just the last six months.
* 28% of all alerts are never addressed by analysts.

Despite the substantial resources enterprises dedicate to cybersecurity, cybercriminals are too often winning the war -- proving to be relentless, and growing more sophisticated and adept at breaching an organization's data. The financial fallout of these attacks can be enormous. According to Forrester Research, the average data breach [costs as much as $7 million per incident](https://www.forrester.com/report/Your+Guide+To+Cyberinsurance/-/E-RES137808). And a [report from Accenture and the Ponemon Institute](https://newsroom.accenture.com/news/accenture-and-ponemon-institute-report-cyber-crime-drains-11-7-million-per-business-annually-up-62-percent-in-five-years.htm) revealed that cyberattacks cost businesses an average of $11.7 million each year, a 62% increase over five years. Security operations processes are not working -- and they're burning analysts out.

## Siloed Data and Manual Processes Are the Killers of SOC Productivity

In this study commissioned by Palo Alto Networks, Forrester Consulting found that the average security operations team receives over [11,000 alerts per day](https://www.paloaltonetworks.com/blog/2020/09/state-of-security-operations/). The vast majority of these alerts must be manually processed, which significantly slows down a company's alert triage process. 77% of decision makers recognize [the negative impact manual processes have](https://www.paloaltonetworks.com/blog/2020/01/cortex-secops-strategies/) on their analysts' ability to mitigate and prevent attacks:

* The majority of an analyst's time, almost 70%, is spent on investigating, triaging or responding to alerts.
* Less than one-third of their time is focused on [threat hunting](https://www.paloaltonetworks.com/blog/2020/06/cortex-start-threat-hunting/) -- where analyst expertise really makes an impact -- and process improvements to increase security efficiency and effectiveness.

## SOCs Can't Keep Up

Security analysts are being asked to fight a fire with a garden hose. Only 47% of respondents say their organizations are able to tackle most or all of the security alerts they receive in a single day. The other 53% report struggling in several ways:

* 20% of alerts are manually reviewed/triaged by an analyst.
* Almost one-third of all alerts are false positives.
* Perhaps most frightening, as noted at the beginning of this blog: 28% of alerts are never addressed by analysts because the volume is simply too high for them to keep up.

SOCs were already overwhelmed by attacks before the COVID-19 crisis emerged. The [pandemic has thrown gas on the fire](https://www.paloaltonetworks.com/blog/2020/07/unit-42-cybercrime-gold-rush/), giving cybercriminals new opportunities to breach organizations. Meanwhile, SOC analysts are taking on new tasks in their struggle to support a growing mobile workforce. One [FBI spokesperson was quoted as saying](https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic) that cybersecurity complaints to the Bureau's Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. [Gartner has indicated](https://www.gartner.com/smarterwithgartner/gartner-top-9-security-and-risk-trends-for-2020/) that responding to COVID-19 remains the biggest challenge facing most SOCs in 2020.

## Security Analysts Are Burning Out

The increasing pressure on security analysts to protect their organizations against cyberattacks is taking its toll. They are working longer hours, taking on additional pressures and reporting higher levels of stress. According to Forrester Consulting:

* 96% of analysts say they feel significant personal impact after cybersecurity breaches.
* Over one-third of respondents report feeling anguish and losing sleep as a result of attacks.

These highly skilled first responders are burning out. It's becoming very personal for them, and that too poses a risk to organizations. A recent survey of over 3,000 CISOs and senior cybersecurity decision makers shows that [almost two-thirds of cybersecurity professionals have considered quitting their jobs](https://www.zdnet.com/article/cybersecurity-staff-burnout-risks-leaving-organisations-vulnerable-to-cyberattacks/) (64%) or leaving the industry altogether (63%). And 76% of cybersecurity leaders already believe there is a [shortage of cybersecurity skills](https://www.securitymagazine.com/articles/92312-of-cybersecurity-leaders-face-skills-shortage) in their company.

The International Information System Security Certification Consortium (ISC)² says the demand for skilled security professionals is one of the biggest challenges facing the cybersecurity industry today, with [2.93 million positions open](https://www.isc2.org/-/media/ISC2/Research/2018-ISC2-Cybersecurity-Workforce-Study.ashx?la=en&hash=4E09681D0FB51698D9BA6BF13EEABFA48BD17DB0%5Ch) around the world. And it's estimated that number will [grow to an astounding 3.5 million](https://www.esg-global.com/esg-issa-research-report-2018?utm_campaign=Cybersecurity%202019&utm_source=slider) by 2021. With an industry deficit of skilled security analysts, and with projections for that gap continuing to widen, companies can't afford to lose the talent they already have.

## Take a New Approach to Cybersecurity

To get in front of cyberattackers and empower security analysts to be effective, organizations need to find ways to reduce the burdens of manual work on their analysts with more holistic and intelligent deployments of analytics and automation. Watch for our third blog in [this series](https://www.paloaltonetworks.com/blog/tag/stateofsecops/), where we'll take a deeper dive into the impact of security complexity on business outcomes, and explore opportunities and best practices for optimizing your SOC.

To learn more, download the full Forrester Consulting report: [The 2020 State of Security Operations](https://start.paloaltonetworks.com/forrester-2020-state-of-secops.html), and check out the top-line results from the report in [an interactive infographic](https://www.paloaltonetworks.com/resources/infographics/cortex-forrester-2020.html).

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Forrester Study: The 2020 State of Security Operations](https://www2.paloaltonetworks.com/blog/2020/09/state-of-security-operations/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Palo Alto Networks Cybersecurity Trends: Insights, Visionary Products](https://www2.paloaltonetworks.com/blog/2019/12/cybersecurity-trends/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Forrester TEI: Unlock 257% ROI with Cortex XSIAM](https://www2.paloaltonetworks.com/blog/security-operations/forrester-tei-unlock-257-roi-with-cortex-xsiam/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Moving Beyond Traditional EDR](https://www2.paloaltonetworks.com/blog/2020/10/secops-beyond-traditional-edr/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Gartner: Market Guide for SOAR Solutions](https://www2.paloaltonetworks.com/blog/2020/10/secops-gartner-soar-solutions/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Palo Alto Networks Is a Forrester ZTX Wave Leader](https://www2.paloaltonetworks.com/blog/2020/09/forrester-ztx-wave-2020/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language