Kaspersky research shows strong shift towards outsourced and hybrid SOCs in Singapore and APAC

Most organisations in Singapore and across Asia-Pacific are choosing to outsource at least part of their Security Operations Centre, reflecting a broader shift in how cybersecurity operations are designed and managed. New research shows that a strong majority of companies now favour outsourced or hybrid SOC models, with only a small minority opting to keep all SOC functions fully in-house.

The findings point to growing pressure from increasingly complex cyber threats, tighter regulatory requirements, and persistent talent shortages. As a result, organisations are reassessing traditional SOC structures and looking for more flexible operating models. By combining internal teams with external specialists, companies aim to maintain continuous monitoring, strengthen compliance, and gain access to advanced security capabilities that are difficult to sustain independently.

Across Asia-Pacific, 64% of organisations surveyed said they plan to outsource part of their SOC operations, combining in-house capabilities with external expertise. A further 28% are prepared to fully adopt a SOC-as-a-Service model. In contrast, only 7% intend to build and operate their SOC entirely in-house, highlighting the challenge of sustaining round-the-clock operations and recruiting qualified cybersecurity professionals in a competitive market.

Singapore mirrors regional shift towards hybrid and outsourced SOCs

The preference for outsourced SOC models is even stronger in Singapore. According to the research, 92% of organisations in the country plan to outsource at least part of their SOC operations. Hybrid arrangements dominate, with 68% indicating a preference for blending internal oversight with external operational support. Nearly one in four organisations, or 24%, expect to fully outsource their SOC.

SOC outsourcing can take different forms, ranging from delegating specific technical functions to transferring end-to-end responsibility for detection, investigation, and response. In practice, many organisations retain strategic control internally while relying on external providers to manage operational and highly technical workloads.

Among organisations in Asia-Pacific planning to outsource SOC functions, the most commonly delegated activities include solution installation and deployment, cited by 64% of respondents. This is followed by solution development and provisioning at 59%, and SOC design at 53%. Similar patterns are seen in Singapore, where 60% of organisations plan to outsource solution installation and deployment, 43% expect to delegate solution development and provisioning, and 35% indicate plans to outsource SOC design.

This approach allows organisations to accelerate SOC deployment while reducing pressure on internal teams. It also provides faster access to specialised expertise and technologies that would otherwise require significant investment to develop and maintain internally.

Drivers behind outsourcing and demand for specialist expertise

The demand for external SOC specialists further illustrates how organisations are reshaping their security operations. Across Asia-Pacific, first-line security analysts are the most in-demand external role, cited by 64% of respondents. Digital Forensics and Incident Response specialists are also highly sought after, with 52% indicating a need for this expertise.

In Singapore, similar trends emerge. First-line analysts are the most requested external specialists at 52%, followed by Digital Forensics and Incident Response experts at 48%. Threat hunters are also increasingly in demand, with 35% of organisations seeking to augment this capability. These figures suggest that organisations are prioritising frontline detection and response functions, where speed, scale, and experience are critical.

The leading driver for SOC outsourcing is the need for continuous, 24/7 protection. Across Asia-Pacific, 58% of organisations cited round-the-clock monitoring as the primary reason for outsourcing, recognising that internal teams often struggle to sustain this level of coverage alone. Reducing the workload on internal security teams was the second most common motivator, cited by 53% of respondents.

Access to advanced security technologies is another key factor. Nearly half of organisations, or 49%, said outsourcing enables access to more sophisticated tools, while 42% highlighted the value of external support in meeting regulatory requirements. Budget optimisation was also cited by 42% of respondents, suggesting that cost efficiency remains an important consideration alongside improved security outcomes.

Commenting on the findings, Sergey Soldatov, Head of Security Operations Centre, said the shift towards outsourcing is driven by the need for greater operational focus and strategic flexibility. He noted that moving routine and technical tasks to external providers allows organisations to concentrate on higher-value activities, such as strategic decision-making and coordinated responses to complex threats, while also delivering cost efficiencies.

Adrian Hia, Managing Director for Asia-Pacific, added that organisations across Singapore and the region are moving beyond debates about whether cybersecurity matters. He said the focus has shifted to how SOC teams and intelligence functions can remain effective over time, particularly as digital dependence and regulatory demands continue to grow. In this context, resilience increasingly depends on how expertise and responsibility are structured, rather than solely on where systems are hosted.