Alert Fatigue in SOC Operations: How AI SOC Automation Alleviates Analyst Burnout
Alert fatigue overwhelms SOC teams, increases risk, and causes burnout. Discover how AI-driven SOC automation, such as RedCarbon’s platform, reduces alert overload, sharpens focus on genuine threats, and strengthens defences for teams and organisations.
Alert Fatigue in SOC: A Rising Cybersecurity Challenge
Modern SOCs face thousands of alerts each day from SIEM, EDR, and XDR systems, many of which are false positives. This constant barrage desensitises analysts, causing up to 30%* of genuine alerts to be ignored and leaving organisations exposed to undetected threats. Receiving an average of 17,000 malware alerts per week, over 80% of which are false alarms, creates a human toll that undermines both security effectiveness and staff wellbeing.
*More recent field evidence, such as that provided by Riccardo Baldanzi, co-founder of RedCarbon, paints an even bleaker picture:
“30% is an underestimate, and the percentage of alerts that remain uninvestigated is much higher due to alert fatigue”.
Why Alert Fatigue Occurs
Alert fatigue develops when low-priority notifications drown out critical warnings. Excessive false positives, minimal contextual filtering, and inadequate prioritisation all contribute. Poorly tuned systems trigger high volumes of trivial alerts, so analysts learn to assume alarms lack urgency. Consequently, many teams spend more than a quarter of their time on false alarms instead of investigating genuine incidents. We can only recommend the excellent Agder University paper, “Mindful Balancing: Avoiding Alert Fatigue in Security Operation Centers” by Terje Heum Seljåsen and Adrian Mikkelsen, which has also achieved international recognition by winning a place on the Top 25% Papers List of the prestigious AMICS’ Awards 2025 edition. The work was supervised by Associate Professor Wael Soliman of Agder University’s Department of Information Systems.
Impact on Analysts: Stress and Burnout
Continuous exposure to trivial alerts leads to chronic stress and anxiety among SOC professionals. Over 50% of security staff report increased anxiety as a direct result of alert overload, and 40% admit to occasionally muting alarms to cope. Burnout has reached crisis proportions, with 77% stating that stress impairs their performance and 85% considering leaving their roles. This trend threatens institutional knowledge, drives up replacement costs, and damages morale.
Organisational Consequences: Productivity and Risk
Alert fatigue harms individuals and heightens business risk. Jaded analysts may overlook early breach indicators, and 83% of IT security professionals acknowledge that errors resulting from burnout have led to breaches. The average data breach costs approximately €3.5 million, not including regulatory fines and reputational damage. Furthermore, reactive “alert chasing” diverts resources from proactive threat hunting, creating a cycle of inefficiency and escalating operational costs.
Tackling Alert Fatigue
Organisations must adopt both human-centred practices and technical innovation. First, review and tune detection thresholds to remove low-value alerts. Next, assign clear severity scores so only critical issues demand immediate attention. Ensuring adequate staffing, cross-training analysts, and monitoring workloads helps to prevent hidden burnout. Finally, implement AI-driven automation to handle repetitive triage, correlate events intelligently, and escalate only credible threats.
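As an added example (not RedCarbon’s code or that of any tool named in this post), the following Python sketch shows the three technical steps above on a constructed batch of alerts: a tuned per-rule count threshold that drops known noise, a severity score that combines rule severity with asset criticality and repetition, and correlation of repeated alerts from the same host and rule into a single incident, so that only the highest-scoring incidents are escalated. The rule names, severity values, asset criticality values, time window and thresholds are all assumptions chosen for illustration.

```python
"""Alert-noise reduction: correlate, score, escalate.

Added example, not RedCarbon's code. Rule severities, asset criticality
values, the correlation window and the thresholds are illustrative assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample export (not real telemetry); fields mimic a minimal SIEM row.
SAMPLE_ALERTS = [
    {"ts": "2025-01-10T09:00:00", "host": "ws-17", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:00:30", "host": "ws-17", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:00:30", "host": "ws-17", "rule": "failed_logon"},  # exact duplicate
    {"ts": "2025-01-10T09:02:00", "host": "dc-01", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:02:10", "host": "dc-01", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:02:20", "host": "dc-01", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:02:30", "host": "dc-01", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:02:40", "host": "dc-01", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:02:50", "host": "dc-01", "rule": "failed_logon"},
    {"ts": "2025-01-10T09:10:00", "host": "ws-22", "rule": "ps_encoded_cmd"},
    {"ts": "2025-01-10T09:11:00", "host": "dc-01", "rule": "new_admin_account"},
    {"ts": "2025-01-10T09:12:00", "host": "dc-01", "rule": "lateral_movement"},
    {"ts": "2025-01-10T09:30:00", "host": "ws-17", "rule": "failed_logon"},  # outside window
]

# Assumed tuning tables (step 1: thresholds; step 2: severity scoring).
RULE_SEVERITY = {"failed_logon": 1, "ps_encoded_cmd": 4, "new_admin_account": 4, "lateral_movement": 5}
ASSET_CRITICALITY = {"dc-01": 3}      # everything else defaults to 1
MIN_COUNT = {"failed_logon": 3}       # tuned threshold: a lone failed logon is noise
WINDOW = timedelta(minutes=5)         # correlation window between consecutive alerts
REVIEW_AT, ESCALATE_AT = 5, 10        # score thresholds for the two human-facing buckets


@dataclass
class Incident:
    host: str
    rule: str
    first_ts: datetime
    last_ts: datetime
    count: int = 0
    score: int = 0
    bucket: str = ""
    reason: str = ""


def correlate(alerts, window=WINDOW):
    """Fold alerts with the same (host, rule) that arrive within `window`
    of the previous one into a single Incident (step 3: correlation)."""
    open_incidents = {}
    incidents = []
    for a in sorted(alerts, key=lambda r: r["ts"]):  # ISO-8601 strings sort chronologically
        ts = datetime.fromisoformat(a["ts"])
        key = (a["host"], a["rule"])
        inc = open_incidents.get(key)
        if inc is None or ts - inc.last_ts > window:
            inc = Incident(a["host"], a["rule"], ts, ts)
            open_incidents[key] = inc
            incidents.append(inc)
        inc.last_ts = ts
        inc.count += 1
    return incidents


def score(inc):
    """Severity x asset criticality, plus a capped bonus for repetition."""
    sev = RULE_SEVERITY.get(inc.rule, 3)          # unknown rules get a middling severity
    crit = ASSET_CRITICALITY.get(inc.host, 1)
    return sev * crit + min(inc.count, 5)


def triage(alerts):
    """Assign each correlated incident to suppress / review / escalate with a reason."""
    incidents = correlate(alerts)
    for inc in incidents:
        inc.score = score(inc)
        if inc.count < MIN_COUNT.get(inc.rule, 1):
            inc.bucket, inc.reason = "suppress", "below tuned count threshold"
        elif inc.score >= ESCALATE_AT:
            inc.bucket, inc.reason = "escalate", f"score {inc.score} >= {ESCALATE_AT}"
        elif inc.score >= REVIEW_AT:
            inc.bucket, inc.reason = "review", f"score {inc.score} >= {REVIEW_AT}"
        else:
            inc.bucket, inc.reason = "suppress", f"score {inc.score} below review threshold"
    return incidents


def summarize(alerts):
    """Raw alert count versus incidents per bucket: the noise-reduction ratio."""
    incidents = triage(alerts)
    counts = {b: sum(1 for i in incidents if i.bucket == b) for b in ("suppress", "review", "escalate")}
    return {"raw_alerts": len(alerts), "incidents": len(incidents), **counts}


if __name__ == "__main__":
    for inc in triage(SAMPLE_ALERTS):
        print(f"{inc.bucket:9} {inc.host:6} {inc.rule:18} x{inc.count:<2} {inc.reason}")
    print(summarize(SAMPLE_ALERTS))
```

On the constructed batch, 13 raw alerts collapse to 6 incidents, of which only the two on the domain controller (a new admin account and lateral movement) reach the escalate bucket; the burst of failed logons against the same controller lands in review because repetition on a critical asset lifts its score, while the workstation failed logons are suppressed either by score or by the tuned count threshold. Recording the reason alongside each decision is what lets the tuning itself be reviewed later, so that a suppression rule can be audited rather than becoming a silent blind spot.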
RedCarbon’s AI SOC Solution
RedCarbon’s platform acts as a set of virtual AI-agent guardians that integrate seamlessly with existing SIEM, EDR, and XDR tools. Each AI Agent specialises in a specific function, working together to reduce noise, surface meaningful threats, and empower analysts to focus on higher-value investigations.
- AI Analyst Level 1 rapidly filters and triages alerts, dismissing false positives and forwarding only credible threats for review.
- AI Analyst Level 2 performs deep retrospective analysis using the MITRE framework, uncovering previously undetected attacks.
- AI Threat Hunter proactively reviews potential false positives and hunts for hidden anomalies through advanced IoC and TTP analysis.
- AI Threat Intelligence Analyst continuously monitors the deep and dark web, integrating intelligence directly into the SOC workflow to provide enriched context and early warning of emerging threats.
By collaborating as a network of specialised AI Agents, the platform restores the signal-to-noise balance, enriches alerts with context and recommended actions, and ensures faster, more accurate responses.
This approach allows repetitive, high-volume tasks to be handled by automation, while human analysts remain central to decision-making. The result is enhanced resilience, reduced burnout, and a stronger, more proactive defence posture.
Conclusion: Guardians of the Guardians
Alert fatigue is not an unavoidable burden; it can be addressed with the right balance of culture and technology. Organisations should support analysts through fair workloads, resilience training, and best practices such as rotating duties and celebrating successes. A healthy team is a stronger defence.
On the technology side, AI-driven automation offers a practical way to reduce noise and focus human expertise on what truly matters. Platforms like RedCarbon’s AI-powered system act as virtual analysts, filtering alerts, triaging incidents, and enabling analysts to concentrate on creative problem-solving and rapid response.
Ultimately, tackling alert fatigue benefits both people and organisations: analysts gain meaningful work, while businesses achieve greater resilience. Explore the solutions available, and if you would like to learn more about RedCarbon’s AI-powered platform, request a personalised demonstration.