HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Enterprises Discard 86% of Logs, Weakening Breach Detection and SOC 2 Evidence

A recent Dynatrace survey shows half of large enterprises deliberately drop most of their log data to curb costs, especially under AI workload pressure. The practice erodes the log‑monitoring controls required by SOC 2, leaving organizations with insufficient evidence for incident investigations.

LiveThreat™ Intelligence · 📅 June 19, 2026· 📰 helpnetsecurity.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
helpnetsecurity.com

Companies Discard 86 % of Logs, Undermining Breach Detection and SOC 2 Evidence

What Happened — A Dynatrace survey of 450 senior IT leaders at large enterprises found that ≈ 50 % of organizations deliberately drop or never collect an average of 86 % of generated log data, and many also truncate retention periods. The practice is driven by cost‑control pressures, especially from growing AI‑workload telemetry.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 CC6.1 requires “log monitoring” and the ability to produce audit‑ready log evidence for incident investigations; discarding logs defeats that control.
  • Continuous‑compliance programs rely on immutable log archives to demonstrate due diligence and to satisfy the “Security” and “Availability” criteria during audits.
  • Verisq’s Control Mapping capability can automatically map log‑retention policies to SOC 2 controls and collect continuous evidence, turning a cost‑driven gap into verifiable compliance proof.

Who Is Affected — Large enterprises across technology, finance, healthcare, and other sectors that run high‑volume AI or cloud workloads.

Recommended Actions

  • Define a log‑retention policy that meets SOC 2 evidence requirements (e.g., minimum 12‑month retention for security‑relevant logs).
  • Deploy automated log‑collection pipelines that tag and archive logs for audit purposes without manual intervention.
  • Use continuous control monitoring tools to map log‑management settings to SOC 2 criteria and generate immutable evidence.

Source: Help Net Security

Technical Notes

  • Primary driver: cost‑cutting by observability, platform‑engineering, and finance teams.
  • AI workloads increase telemetry volume → higher ingestion/storage costs → more aggressive log pruning.
  • Missing logs impede threat hunting, incident response, and forensic investigations.

Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/06/19/report-log-management-security-risk/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →