Skip to main content

Cybersecurity Statistics

Security Intelligence

VendorsCardinalOps

CardinalOps

Cybersecurity reports and statistics published by CardinalOps

2 categories1 reports

Research Reports

Reports and publications from CardinalOps

2025 State of SIEM Report

6/5/2025

Recent Statistics & Reports

79% of MITRE ATT&CK Techniques used by adversaries are missed by enterprise SIEMs.

6/5/2025
SIEMMITRE ATT&CK

On average, enterprise SIEMs only have detection coverage for 21% of adversary techniques defined in the MITRE ATT&CK framework. This is a 2% increase in coverage from the 2024 report.

6/5/2025
SIEMMITRE ATT&CK

A significant portion of existing SIEM detection rules, 13% on average, are broken. These rules are non-functional and will never trigger. This is a 5% decrease from the 2024 report.

6/5/2025
SIEM

SIEMs now process an average of 259 log types and nearly 24,000 unique log sources, providing more than enough telemetry to detect over 90% of MITRE ATT&CK techniques (an increase of three percent from 2024) – but manual, error-prone detection engineering practices continue to limit actual coverage.

6/5/2025
SIEM

79% of MITRE ATT&CK Techniques used by adversaries are missed by enterprise SIEMs.

6/5/2025
SIEMMITRE ATT&CK

Top Categories

SIEM
5
MITRE ATT&CK
3

Related Vendors

Red Canary
16 stats