AI-driven cyberattacks have risen by 47% in 2025, with global losses soaring into the tens of billions – a dramatic escalation attributed to automation, deep-learning-powered phishing, ransomware creation, and multi-agent hacking tools, according to a recent industry survey. Criminals no longer need elite skills if they have an LLM and persistence. Artificial intelligence has lowered the barrier to entry for cybercrime while advancing its sophistication. The result: a relentless storm of attacks that overwhelm traditional defenses.
The New Battleground: Platforms That Never Sleep
E-commerce sites, financial services apps, gaming platforms, and digital marketplaces are now prime targets because they transact real money around the clock. Hackers know that always-on platforms can’t afford downtime, making them ideal victims. They also know when to strike: outside of business hours, when IT staff and executives are least prepared to respond. Midnight on a Saturday is the perfect moment to unleash a ransomware campaign designed to paralyze operations before anyone notices. In fact, we’ve all seen weekend and holiday cyberattacks unfold in the UK and other countries – a pattern often noted in official advisories.
This means that for businesses where users never log off, the Security Operations Center (SOC) can no longer be seen as a backroom monitoring function. It is the backbone of financial trust, business continuity, and regulatory compliance. A robust SOC ensures that attacks are spotted, triaged, and neutralized before they spiral into operational disasters or reputational crises.
The vulnerabilities are clear: attackers don’t care about office hours, but too many defenders still structure their operations around them. This asymmetry is where AI-empowered cybercrime thrives.
Building a SOC for the 24/7 Age of AI
The iGaming industry provides a case study in how digital businesses can adapt. At Softswiss, a global provider of software for iGaming, cybersecurity has been elevated to a first-class priority. Its SOC operates around the clock, recognizing that in an industry where money and trust move continuously, there can be no gaps in defense.
One challenge we encountered at Softswiss was to align our security provisions with our wide portfolio of products – each operating on its own distinct infrastructure, and governed by a diverse set of compliance requirements across different jurisdictions. In effect, one SOC had to oversee multiple technology stacks, diverse corporate systems, business processes, escalation rules, and regulatory checklists – all without letting incidents slip through the cracks.
Rather than buying its way into maturity with costly enterprise platforms, Softswiss took a different approach. We designed our SOC around open-source, automation-first tools because they are easier to scale, adapt, and fully control in-house. This choice reduced costs while increasing flexibility, a powerful lesson for any digital enterprise navigating complex ecosystems.
Automation plays a starring role. Instead of drowning analysts in repetitive alerts, the SOC relies on automation to handle triage, enrichment, and simple containment. That means frontline staff aren’t wasting energy on thousands of false positives. Instead, they receive enriched, pre-vetted cases that demand human judgment and creativity – the kind of work people are uniquely suited to.
When a serious incident strikes, Softswiss doesn’t rely on a siloed team of analysts. An Incident Manager takes the helm, enforcing playbooks and coordinating a cross-functional Cybersecurity Incident Response Team (CSIRT). Infrastructure Security works to contain networks and servers. Application Security addresses vulnerabilities. IAM specialists revoke access and rotate credentials. Communications ensures executives and staff stay aligned under pressure. It’s a model that turns chaos into coordinated action.
Lessons for Every Digital Business
The iGaming sector isn’t the only one facing this reality. Any business where real money flows 24/7 is in the firing line. From banking apps to logistics platforms to global retailers, attackers are exploiting gaps in human oversight, betting that their scripts will outpace human response times.
A properly structured SOC is therefore no longer optional. It has become the foundation of customer trust and regulatory compliance across industries. And the cost of failure goes far beyond lost revenue. A serious breach can shatter reputations. Customers who see their data compromised rarely return, and partners who lose confidence in a platform are quick to move on. Trust takes years to build but can vanish in a single incident.
In my experience, smart investment beats expensive vendor lock-in when building your own SOC. Many organizations assume maturity requires signing up for monolithic enterprise solutions. In reality, an agile SOC built on open-source components and fortified with automation can deliver equal or even better resilience at lower cost, and with greater adaptability. This approach empowers companies to control their own destiny, rather than outsourcing it to a vendor whose priorities may not align with theirs.
Technology alone, however, is not enough. AI tools and automated workflows are invaluable, but they cannot replace human intelligence. What they can do is liberate analysts from the grind of repetitive triage. At Softswiss, automation hasn’t just changed how incidents are handled; it has reshaped the SOC team itself. Analysts now focus on the critical incidents that matter the most, applying judgment, intuition, and creativity to scenarios that machines can’t yet solve effectively.
Staying Ahead of the AI-Powered Offensive
The cyber battlefield has fundamentally changed. AI has given attackers new speed, scale, and precision. Platforms that transact around the clock are at the center of this storm. Defenders must respond in kind, matching AI-enabled offense with automation-driven defense, disciplined playbooks, and continuous vigilance.
Our approach offers a blueprint that I believe other companies with a digital presence can adapt. Build security stacks around open-source and automation. Structure SOCs for real-time resilience, not nine-to-five coverage. Ensure incident response is cross-functional, drawing on expertise from across the business. And above all, recognize that trust is the most valuable asset at stake.
Because in this new era, the cost of neglecting cybersecurity isn’t just downtime or financial loss. It’s the erosion of credibility, the breakdown of customer confidence, and the kind of reputational hit that no AI tool can repair.