For decades, highly regulated sectors have taken a cautious approach to cybersecurity, and for organisations in industries such as banking and finance, healthcare, insurance and critical infrastructure, the instinct has been to retain ownership of security operations. That model is now under strain. Escalating cyber threats, regulatory scrutiny, and a growing skills shortage are exposing the limits of traditional Security Operations Centres (SOCs).