What began as a stopgap response to the issue of a cybersecurity talent shortage is fast turning into a major and fast-growing market, with Indian companies rapidly opting for outsourced cybersecurity operations, experts told ET.
The pressure is highest on mid-sized firms as most companies lack the budget, talent and resources to build and run full-scale security operations centres.
“About half of the organisations we are seeing are considering outsourcing their security operations centre (SOC) functions,” said Adrian Hia, APAC head at cybersecurity and anti-virus provider Kaspersky.
This trend is growing faster in India than almost any other market globally.
“Indian enterprises are increasingly making a deliberate choice to adopt SOC-as-a-service rather than treating it as a temporary response to talent shortages,” said Biswajeet Patra, senior principal analyst at research and advisory firm Forrester.
“India accounted for almost 5-6% of global SOC-as-a-service revenue in 2025, and it is among the fastest growing markets in Asia Pacific, with growth estimates ranging from low double digits to around 20% CAGR,” he added.
Global SOC-as-a-service growth, by comparison, is generally estimated in the 10 to 12% CAGR range.
“Running an in-house SOC requires significant upfront and ongoing investment in tools, staff, and round-the-clock operations,” Patra noted. Outsourced SOC models convert much of this fixed cost into a subscription and improve detection and response through shared platforms and automation.
The shift to SOC-as-a-service is led by industries such as banking, financial services and insurance (BFSI), telecom, and IT services, where regulatory oversight and continuous digital operations enable minimal downtime.
These sectors encounter increasingly advanced and frequent attacks while overseeing complex hybrid and cloud infrastructures. Outsourcing provides them with 24/7 monitoring, quicker threat identification, and processes prepared for audits without the need to expand internal teams as rapidly as increasing risks, experts said.
“Around 80-85% of organisations in BFSI are outsourcing at least some cybersecurity functions,” said Tarun Gulani, president at Prudent Insurance Brokers.
Most commonly outsourced functions include vulnerability assessment and penetration testing (VAPT), red teaming, threat intelligence and SOC monitoring.
VAPT simulates cyberattacks to identify risks, while red teaming mimics stealthy attacks to test response capabilities. Threat intelligence involves analysing data on malware and cyber threats to enable proactive defence.
However, most firms are not handing over full control to third parties. Around 70-75% of insurance organisations operate in a hybrid model in which SOC monitoring is outsourced, but incident decisions are made in-house, Gulani said. “In BFSI, VAPT is outsourced by as many as 90 to 95% of firms, while SOC outsourcing stands at around 80-85%,” he said.
Increasing complexity of cyberthreats along with a talent shortage is making in-house security more expensive and harder to run for companies.
“The talent shortage is global, and it is being compounded by how quickly the threat landscape is evolving,” said Juraj Jasonik, AI head at global cybersecurity firm ESET. Modern environments have grown too large and complex to be managed through purely human-led operations alone, he added.
Cybersecurity providers are increasingly using artificial intelligence.
“AI is changing SOC economics by automating alert triage, correlation, and initial investigation,” Patra of Forrester said.
Service providers can spread AI investments across many clients, giving them an edge that most individual enterprises cannot match on their own. Human oversight, however, remains a critical part of the process.
The pressure is highest on mid-sized firms as most companies lack the budget, talent and resources to build and run full-scale security operations centres.
“About half of the organisations we are seeing are considering outsourcing their security operations centre (SOC) functions,” said Adrian Hia, APAC head at cybersecurity and anti-virus provider Kaspersky.
This trend is growing faster in India than almost any other market globally.
“Indian enterprises are increasingly making a deliberate choice to adopt SOC-as-a-service rather than treating it as a temporary response to talent shortages,” said Biswajeet Patra, senior principal analyst at research and advisory firm Forrester.
“India accounted for almost 5-6% of global SOC-as-a-service revenue in 2025, and it is among the fastest growing markets in Asia Pacific, with growth estimates ranging from low double digits to around 20% CAGR,” he added.
Global SOC-as-a-service growth, by comparison, is generally estimated in the 10 to 12% CAGR range.
“Running an in-house SOC requires significant upfront and ongoing investment in tools, staff, and round-the-clock operations,” Patra noted. Outsourced SOC models convert much of this fixed cost into a subscription and improve detection and response through shared platforms and automation.
The shift to SOC-as-a-service is led by industries such as banking, financial services and insurance (BFSI), telecom, and IT services, where regulatory oversight and continuous digital operations enable minimal downtime.
These sectors encounter increasingly advanced and frequent attacks while overseeing complex hybrid and cloud infrastructures. Outsourcing provides them with 24/7 monitoring, quicker threat identification, and processes prepared for audits without the need to expand internal teams as rapidly as increasing risks, experts said.
“Around 80-85% of organisations in BFSI are outsourcing at least some cybersecurity functions,” said Tarun Gulani, president at Prudent Insurance Brokers.
Most commonly outsourced functions include vulnerability assessment and penetration testing (VAPT), red teaming, threat intelligence and SOC monitoring.
VAPT simulates cyberattacks to identify risks, while red teaming mimics stealthy attacks to test response capabilities. Threat intelligence involves analysing data on malware and cyber threats to enable proactive defence.
However, most firms are not handing over full control to third parties. Around 70-75% of insurance organisations operate in a hybrid model in which SOC monitoring is outsourced, but incident decisions are made in-house, Gulani said. “In BFSI, VAPT is outsourced by as many as 90 to 95% of firms, while SOC outsourcing stands at around 80-85%,” he said.
Increasing complexity of cyberthreats along with a talent shortage is making in-house security more expensive and harder to run for companies.
“The talent shortage is global, and it is being compounded by how quickly the threat landscape is evolving,” said Juraj Jasonik, AI head at global cybersecurity firm ESET. Modern environments have grown too large and complex to be managed through purely human-led operations alone, he added.
Cybersecurity providers are increasingly using artificial intelligence.
“AI is changing SOC economics by automating alert triage, correlation, and initial investigation,” Patra of Forrester said.
Service providers can spread AI investments across many clients, giving them an edge that most individual enterprises cannot match on their own. Human oversight, however, remains a critical part of the process.
