Security Operations in 2025: a new era of resilience and innovation

Key takeaways

Regulatory expectations for SecOps are increasing with real-time reporting, third-party risk management, and comprehensive logging becoming standard requirements
The solution to the SOC workforce challenge lies in leveraging automation and AI, investing in training, and fostering a collaborative work environment
To justify SOC investments, organizations must frame benefits in terms of resilience, compliance, and reputation
Extended Detection and Response (XDR) platforms promise unified security and proactive detection, but require mature data management and organizational integration
The most effective approach to using AI in SecOps is “calibrated autonomy”, preserving human oversight for critical decisions
The SOC is a major data repository – its success depends on data quality, collaboration, and skills-matching between teams

Security Operations 2025

The capabilities and processes that worked last year, as seen in the 2024 SecOps report (opens in new tab) are no longer enough. Traditional models of development and operations are being reimagined as security leaders embrace bigger, bolder strategies centred on consolidation, futureproofing, and resilience.

This report equips security leaders with insights to navigate complexity, drive transformation, and build resilient, future-ready operations.

The 6 critical topics shaping SecOps

The 2025 report explores the emergent and transformatory trends impacting SecOps through six questions at the top of security leaders’ minds:

Where are we today, and what’s blocking us?

Navigating regulatory compliance: what do SecOps teams need to be aware of?
The SOC workforce challenge in 2025: burnout, skills gaps. What is the way forward?
Demonstrating Return on Investment: how to build a business case for SOC transformation?

What’s next, and how do we get there?:

XDR is here: how to future-proof your tooling?
Agentic AI in Security Operations: are SOC analysts out of a job?
The evolving role of Data in a modern SOC: how to connect security teams & catalyze business value

Cybersecurity

Wavestone Security Operations 2025 Report

pdf · 959KO

Download the report here

Authors

Francesca Kempster

Manager – UK, London

Wavestone
James Maidment

Senior Consultant – UK, London

Wavestone
LinkedIn

Acknowledgements

Each of the topics covered originally appeared as individual LinkedIn posts, which were researched and drafted by the SecOps team in the UK.

Particular thanks goes to the individual contributors below, whose invaluable input has shaped this report:

Fatima Azim, Henry James, Matthew Hood, Euan Fairweather, Saaid Mohamoud, Martin Gregoire

Insurance
Banking
Energy & Utilities
Automotive & Industry
Retail, Beauty & Luxury
Life Sciences
Government & International Institutions
Sustainability
Cybersecurity
Data & AI
SAP Consulting
IT Strategy & CTO Advisory
Compliance & Resilience
Corporate Finance & HR, Risk & Procurement
Core-Business Software Development
Supply Chain
Industry 4.0 & IoT
Customer Experience
Change Management
Operating Model Design & Agility
Sourcing & Services Optimization
Technology-driven Transformation
Regulation & Risk