Security operations practitioners describe a visibility problem in plain terms: too many alerts that do not connect and not enough shared context to act on. Their leaders report the same issue, with 24% identifying lack of enterprise-wide visibility as their single biggest barrier to effective security operations, ranking it above staffing shortfalls and automation gaps. In most organizations, the tools are there, but the integration that makes them useful together is not. The SANS Institute’s 2026 SOC Survey findings draw on 444 responses from security operations professionals and a parallel survey of 69 CISOs and senior security executives. 

“Visibility keeps showing up in this survey because it is genuinely hard to fix. Most organizations have the tools. Getting them to produce a coherent picture across teams that do not share priorities is where the work actually is,” said Christopher Crowley, SANS Senior Instructor and Independent Consultant at Montance, LLC, who has authored the SANS SOC Survey for a decade. 

59% of cyber leaders say management pays close attention to SOC hiring and retention needs. Only 32% of practitioners agree. That 27-point gap has held every year this question has been asked. Hiring and retention decisions are made by the leaders who hold that more favorable view, which means those decisions are regularly being made on a different picture than the one practitioners are living with. 

74% of cyber leaders apply threat intelligence to security operations and threat hunting. Only 26% use it to inform budget and spending decisions. The same intelligence that drives what analysts prioritize on a given day rarely makes it into planning conversations about what gets funded next quarter. 

“These patterns are not new. What this survey adds is ten years of data showing they have not moved. The organizations that close them are the ones that treat them as specific operational problems rather than general management challenges,” Crowley said. 

75% of cyber leaders say management understands that technology only works when skilled people run it. Yet when asked what most limits their ability to fund cybersecurity priorities, the same leaders cite human capital as the top constraint. Most security executives know people are the binding variable. Fewer are in organizations where that knowledge has changed how budgets are set. 

The findings will be presented during the 2026 SANS SOC Survey Insights webcast on Tuesday, June 17, 2026, at 10:30 AM EDT. Attendees will receive access to the complete Insights report alongside live analysis from Crowley. Register and download the report at sans.org/webcasts/2026-sans-soc-survey-insights.