* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Forrester Study: The 2020...

# Forrester Study: The 2020 State of Security Operations

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fstate-of-security-operations%2F)  
[](https://twitter.com/share?text=Forrester+Study%3A+The+2020+State+of+Security+Operations&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fstate-of-security-operations%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fstate-of-security-operations%2F&title=Forrester+Study%3A+The+2020+State+of+Security+Operations&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/09/state-of-security-operations/&ts=markdown)  
\[\](mailto:?subject=Forrester Study: The 2020 State of Security Operations)  
Link copied  
By [Mark Brozek](https://www.paloaltonetworks.com/blog/author/mark-brozek/?ts=markdown "Posts by Mark Brozek")  
Sep 17, 2020  
4 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)  
[Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)  
[Automation](https://www.paloaltonetworks.com/blog/tag/automation/?ts=markdown)  
[Forrester](https://www.paloaltonetworks.com/blog/tag/forrester/?ts=markdown)  
[security operations](https://www.paloaltonetworks.com/blog/tag/security-operations/?ts=markdown)  
[SOC](https://www.paloaltonetworks.com/blog/tag/soc/?ts=markdown)  
[StateofSecOps](https://www.paloaltonetworks.com/blog/tag/stateofsecops/?ts=markdown)

*In February 2020, Palo Alto Networks commissioned Forrester Consulting to conduct a study, The State of Security Operations, surveying 315 security operations decision-makers from around the world to understand their challenges, investment priorities and opportunities. We've compiled the top-line results in an interactive infographic --* [*check out how your own security operations measure up!*](https://www.paloaltonetworks.com/resources/infographics/cortex-forrester-2020.html)

The 2020 State of Security Operations study from Forrester Consulting finds that enterprise security teams around the world continue to struggle with the growing pace, volume and sophistication of cyberattacks. The commissioned survey of over 300 enterprise security operations professionals reveals that only 46% of enterprises are satisfied with their ability to detect cybersecurity threats. Since the COVID-19 crisis began, the [rate of attacks has soared](https://www.paloaltonetworks.com/blog/2020/07/unit-42-cybercrime-gold-rush/). One [FBI spokesperson was quoted as saying](https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic) that cybersecurity complaints to the Bureau's Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. In this three-part blog series, we'll explore critical insights from the Forrester Consulting study, including:

* The challenges facing today's modern SOC.
* The impact of those challenges on business outcomes.
* Opportunities and best practices for optimizing your SOC.

## Every Business Is Vulnerable to a Cyberattack

Despite all their resources, a number of industry-leading global companies have fallen victim to high-profile cyberattacks in 2020. According to the Forrester survey, a whopping 79% of enterprises have experienced a cyber breach in the past year, and nearly 50% in the past six months. This is despite the fact that most organizations have an internal security operations center (SOC) or some form of 24x7 coverage.

Cyberattackers are relentless and getting more sophisticated by the day. Businesses are under constant attack, with the average security operations team receiving over 11,000 security alerts daily. Hamstrung by siloed applications and manual processes, the report finds that a majority of organizations are unable to address most or all of the security alerts they receive in a single day. Alarmingly, 28% of alerts are simply never addressed.

The net result is that security analysts are drowning in alerts, which is having a profound impact on their health, wellness and overall job satisfaction. This reactive approach to cybersecurity also has decision makers frustrated and dissatisfied. With Forrester Research estimating the cost of an average data breach at as much as [$7 million per incident](https://www.forrester.com/report/Estimate+Breach+Impact+And+Costs+To+Drive+Investments/-/E-RES121315#), a more proactive approach is needed to quickly prevent, identify and address cyber threats.

## Security Teams Face Significant Resource and Technology Challenges

Security analysts are understandably frustrated that they are spending so much time chasing false leads and performing manual processes. They are working longer hours, taking on more responsibility and increasingly under more pressure to protect the business. Despite their efforts, security operations teams are unable to hit [key metrics](https://www.paloaltonetworks.com/blog/2020/01/cortex-soc-metrics/) like mean time to investigate, number of incidents handled, mean time to respond, threat score and number of alerts. Less than 50% of teams report that they meet these metrics most of the time. Based on the survey, Forrester Consulting found two key reasons for this disconnect:

**Resource gaps:** IT decision makers say finding and keeping experienced security operations staff and enough analysts to support the workload is a major challenge.

**Technology gaps:** SecOps teams use an average of over 10 different categories of security tools, including firewalls, email security, endpoint security, threat intelligence, vulnerability management and more. But these tools are typically siloed, and implementation tends to be poor.

This wide range of tools that enterprises invest in to combat security threats creates a number of problems, including:

* Difficulty hiring, training and retaining employees who are adept at using the full security technology stack.
* Too many low-priority alerts that obscure visibility into the real threats and leave security analysts with little time for threat hunting and process improvement.
* Siloed workflows that add complexity and time to security processes.

## The Modern SOC Requires Automation and Visibility

According to the report findings, only 13% of the surveyed organizations are leveraging the value of [automation](https://www.paloaltonetworks.com/blog/2020/02/cortex-xsoar/) and [machine learning](https://www.paloaltonetworks.com/blog/2020/03/cortex-ai/) to triage, analyze and respond to threats. On the flip side, sophisticated cyberattackers are rapidly developing new ways to use these same tools to scale the scope and impact of their operations.

Forrester Consulting says there are opportunities and solutions businesses can take advantage of to increase control and visibility across the infrastructure. For example, an extended detection and response (XDR) solution can help with analyst fatigue, tool inefficiency and overall security outcomes by:

* Improving visibility with unifying technology that seamlessly integrates telemetry from multiple sources.
* Leveraging security analytics capabilities such as machine learning to surface stealthy attack techniques
* Automating root cause analysis.

To learn more, download the full Forrester Consulting report: [The 2020 State of Security Operations](https://start.paloaltonetworks.com/forrester-2020-state-of-secops.html). And watch for our second blog in this series, where we'll take a deeper dive into the challenges facing today's modern SOC.

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### The 2020 State of Security Operations: Assessing Analyst Burnout](https://www2.paloaltonetworks.com/blog/2020/09/secops-analyst-burnout/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Forrester TEI: Unlock 257% ROI with Cortex XSIAM](https://www2.paloaltonetworks.com/blog/security-operations/forrester-tei-unlock-257-roi-with-cortex-xsiam/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's New in Cortex](https://www2.paloaltonetworks.com/blog/security-operations/whats-new-in-cortex/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### How Cortex Defends Against Microsoft SharePoint "ToolShell" Exploits](https://www2.paloaltonetworks.com/blog/security-operations/how-cortex-defends-against-microsoft-sharepoint-toolshell-exploits/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Defending against Phantom Taurus with Cortex](https://www2.paloaltonetworks.com/blog/security-operations/the-rise-of-phantom-taurus-unmasking-a-stealthy-new-threat-to-global-security-with-cortex/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### What's New for Cortex and Cortex Cloud (Apr '25)](https://www2.paloaltonetworks.com/blog/security-operations/whats-new-for-cortex-and-cortex-cloud-apr-25/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language