Companies Discard 86 % of Logs, Undermining Breach Detection and SOC 2 Evidence
What Happened — A Dynatrace survey of 450 senior IT leaders at large enterprises found that ≈ 50 % of organizations deliberately drop or never collect an average of 86 % of generated log data, and many also truncate retention periods. The practice is driven by cost‑control pressures, especially from growing AI‑workload telemetry.
Why It Matters for Compliance & Audit Readiness
- SOC 2 CC6.1 requires “log monitoring” and the ability to produce audit‑ready log evidence for incident investigations; discarding logs defeats that control.
- Continuous‑compliance programs rely on immutable log archives to demonstrate due diligence and to satisfy the “Security” and “Availability” criteria during audits.
- Verisq’s Control Mapping capability can automatically map log‑retention policies to SOC 2 controls and collect continuous evidence, turning a cost‑driven gap into verifiable compliance proof.
Who Is Affected — Large enterprises across technology, finance, healthcare, and other sectors that run high‑volume AI or cloud workloads.
Recommended Actions
- Define a log‑retention policy that meets SOC 2 evidence requirements (e.g., minimum 12‑month retention for security‑relevant logs).
- Deploy automated log‑collection pipelines that tag and archive logs for audit purposes without manual intervention.
- Use continuous control monitoring tools to map log‑management settings to SOC 2 criteria and generate immutable evidence.
Source: Help Net Security
Technical Notes
- Primary driver: cost‑cutting by observability, platform‑engineering, and finance teams.
- AI workloads increase telemetry volume → higher ingestion/storage costs → more aggressive log pruning.
- Missing logs impede threat hunting, incident response, and forensic investigations.
Source: Help Net Security