Austin, Texas, USA, September 25, 2025
Futurum Intelligence Research Uncovers Divergent Risk Management and SOC Challenges Across Regulated Industries
According to Futurum’s 1H25 Cybersecurity Decision Maker research findings, organizations’ top risk management and SOC (security operations center) challenges vary based on the degree of regulatory oversight they face, with differing priorities around sophisticated threats, compliance, and operational integration.
High Regulation: Sophisticated Threats and Skills Challenges Take Precedence
For organizations operating in highly regulated sectors, nearly half (approximately 50%) of respondents noted addressing new and more sophisticated threats as the leading challenge in addressing their risk management and SOC teams. This is followed by acute shortages in skills and analyst burnout, compliance, and reporting issues (both noted just over 36% of the time). This feedback underscores how difficult it is for even those organizations with the most advanced security implementations to keep up with the furious pace at which threat vectors are evolving, especially given the ongoing skills gaps in the security industry.
Fernando Montenegro, Vice President and Practice Lead, Cybersecurity & Resilience at Futurum, underscores:
“In highly regulated industries, compliance is table stakes. Our research indicates that, even beyond meeting evolving regulatory requirements, organizations struggle to keep up with the sophistication of threats as attackers target sectors where disruption is most impactful. Managing skills shortages and burnout on SOC teams only amplifies the challenge, demanding new approaches to automation and threat intelligence.”
Medium Regulation: Integration and Compliance Concerns Rise
By contrast, organizations in sectors with medium degrees of regulation cite integration of risk metrics, which Futurum notes must occur across potentially dozens of cybersecurity tools, as their primary challenge (44%), with compliance and reporting in second place (approximately 39%). The data suggests these organizations are in earlier stages of maturing their compliance programs and are facing the complex task of unifying disparate risk data sources to meet evolving legislative demands. Krista Case, Research Director at Futurum, comments:
“For industries with moderate regulation, the compliance journey is just beginning. Integrating risk metrics across fragmented, best-of-breed security tools is a significant hurdle, especially as reporting requirements become more frequent and rigorous. The ability to produce reliable, auditable risk insights may soon define operational success.”
A Surprising Divergence in Compliance Prioritization
While compliance and reporting are of material concern for organizations operating in moderately- to highly regulated industries, the pressing need to address advanced, persistent, and potentially devastating new risks against a backdrop of staffing and expertise constraints results in the need for targeted investment in automation, risk integration, and workforce resilience within SOC and risk management teams.
Figure 1: Key Risk Management and Security Operations Center (SOC) Challenges
Read more in the “1H 2025 Cybersecurity Decision-Maker Survey Report” on the Futurum Intelligence Platform.
About Futurum Intelligence for Market Leaders
Futurum Intelligence’s Cybersecurity and Resilience IQ service provides actionable insight from analysts, reports, and interactive visualization datasets, helping leaders drive their organizations through transformation and business growth. Subscribers can log into the platform at https://app.futurumgroup.com/, and non-subscribers can find additional information at Futurum Intelligence.
Follow news and updates from Futurum on X and LinkedIn using #Futurum. Visit the Futurum Newsroom for more information and insights.
Other Insights from Futurum:
Futurum Intelligence Cybersecurity & Resilience IQ
Futurum Research 2025 Key Issues & Predictions
Futurum Research: AI Security Skills Gap Persists
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
