A new global report by Splunk has revealed that most Security Operations Centres (SOCs) are still bogged down by tool maintenance and operational inefficiencies, with only a small proportion fully trusting AI for critical cybersecurity tasks. The “State of Security 2025” report highlights key challenges facing security teams, including understaffing, alert fatigue and disconnected systems, which leave organisations exposed to increasingly complex threats.
Security tools hinder more than they help
According to the report, 46% of respondents said they spend more time maintaining tools than defending their organisation. Meanwhile, 78% noted that their security tools are disconnected or spread across systems, and 69% said this fragmentation creates moderate to significant challenges in their daily workflows.
These inefficiencies directly impact the performance of security teams. Over half of respondents said they spend too much time managing false positives and are overwhelmed by the sheer volume of alerts. Gaps in data management also result in wasted investigation time, with 57% reporting delays due to fragmented or missing data.
The report also found that SOC teams are increasingly struggling with burnout and resource constraints. Half of those surveyed said they were overworked, and an equal proportion admitted they had considered leaving cybersecurity due to job-related stress. In addition, 43% cited unrealistic expectations from leadership as a key pressure point.
AI adoption grows, but trust remains low
While organisations continue to explore AI’s potential, only 11% fully trust AI to manage mission-critical cybersecurity tasks. Despite this caution, AI usage is on the rise, with 59% of respondents saying it has moderately or significantly improved efficiency, and 56% prioritising AI integration into security workflows this year.
Michael Fanning, Chief Information Security Officer at Splunk, emphasised the need for human oversight. “Organisations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don’t see AI taking complete oversight of the SOC – for good reason,” he said. “Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organisation.”
Nate Lesser, CISO at Children’s National Hospital, echoed this view. “According to Splunk’s State of Security report, the industry is struggling with escalating workloads, alert fatigue, and a shortage of skilled talent,” he said. “Integrating AI and automation helps us address these risks and empowers our teams with smarter tools to ensure our organisation remains resilient.”
The top areas where generative AI is being used include threat intelligence analysis (33%), querying security data (31%), and writing or editing security policies (29%). Notably, 63% of respondents said that domain-specific AI tools perform better than general AI tools in security operations.
Unified platforms improve response times
The report points to a growing need for unified SOC platforms that combine human expertise with AI capabilities. By reducing tool sprawl and enabling better collaboration, a unified platform improves detection speed and response times.
Of the respondents who had integrated security and observability teams, 78% reported faster incident detection and 66% saw quicker remediation. Despite these gains, the majority of organisations have yet to adopt a fully unified approach.
The findings suggest that while AI and automation offer clear benefits, long-term resilience in cybersecurity will depend on streamlining technology and improving team collaboration — not just replacing staff with tools.
