New Research Reveals Enterprises Investigate Just 37% of Daily Security Alerts as AI Expands in the SOC
Crogl announces independent study examining alert overload, AI effectiveness, and rising third-party data concerns in security operations
ALBUQUERQUE, N.M., — Crogl, the leading secure agentic platform for security operations, today released The State of SecOps and the Deployment of AI in the SOC report, a new independent research examining the effectiveness of security operations (SecOps) and the growing role of artificial intelligence (AI) in the Security Operations Center (SOC). The study, conducted by Ponemon Institute and based on a survey of 649 IT and IT security practitioners in North America, finds that organizations are overwhelmed by alert volume even as AI adoption accelerates.
Enterprises report receiving an average of 4,330 security alerts per day, yet only 37% of those alerts are detected and investigated. At the same time, organizations experienced an average of 16 cyberattacks in the past 12 months, underscoring the persistent pressure on security teams. While AI is increasingly embedded into security workflows, the research reveals that integration challenges and governance concerns continue to limit its full impact.
Key Findings
-
Alert overload persists. Organizations receive an average of 4,330 security alerts daily, but only 37% are detected and investigated.
-
Cyberattacks remain frequent. Enterprises experienced an average of 16 cyberattacks in the past year, with 50% involving malicious insiders and 48% involving phishing or social engineering.
-
AI adoption is widespread but confidence is mixed. 62% of organizations have adopted AI in some capacity, yet only 44% say AI in the SOC is highly effective in reducing threats.
-
Human analysts remain critical. 52% say human analysts are highly effective as the final line of defense in AI-powered SOC environments.
-
Speed is AI’s top benefit. 67% say AI helps resolve alerts faster, and 57% say it frees analyst bandwidth for higher-priority work.
-
Integration and data challenges slow AI deployment. 50% cite workflow integration as the biggest barrier to deploying AI in the SOC, and 49% say dispersed, hard-to-normalize data is a key obstacle.
-
Third-party AI risk is a growing concern. 61% are highly concerned vendors may use their security data to enrich AI services, and 59% worry about derivative data use.
“Security teams are under relentless operational pressure,” said Monzy Merza, CEO of Crogl. “They are managing thousands of alerts every day while defending against increasingly complex attacks. AI is emerging as a critical force multiplier inside the SOC, but the research makes clear that automation alone is not enough. Organizations that combine agentic speed with strong human oversight, disciplined workflows, and clear data governance are positioned to see the greatest impact.”
The study also found that among organizations with a SOC, 57% are already using AI within security operations to reduce case complexity, automate documentation, and improve collaboration. However, only 36% believe they have a strong ability to detect whether AI tools are introducing new, less visible forms of data leakage, highlighting emerging governance risks.
The full report, The State of SecOps:AI in the SOC: What's Working, What Isn't, and What Comes Next, is available for download here.
About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. The Institute conducts high-quality empirical studies on critical issues affecting the management and security of sensitive information.