Threat intelligence is critical - but how to operationalise it?

Cyware survey identifies significant gaps in internal collaboration, tool integration, and automation — with only 13% confident their systems currently work well.

  • Sunday, 25th May 2025 Posted 7 hours ago in by Phil Alsop

Cyware has released the results of an onsite survey conducted at RSA Conference 2025. The survey captured insights from 100 cybersecurity executives and professionals across enterprises, government agencies, and service providers about how organisations are operationalising threat intelligence across their security operations.

The findings reveal a sharp disconnect between awareness and action: While nearly all respondents (92%) said collaboration and information sharing are either “absolutely crucial” or “very important” in the fight against cyber threats, the data tells a different story when it comes to the adoption of this practice. Only 13% said their current automation between cyber threat intelligence (CTI) and SecOps tools is working well, and nearly 40% struggle to coordinate data across critical security tools like Threat Intelligence Platforms (TIPs), SIEMs, and vulnerability management platforms.

“The RSAC survey data reveals a serious gap between that belief and the operational reality,” said Anuj Goel, Co-founder and CEO of Cyware. “Threat intelligence isn’t just about collecting data — it’s about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations.”

Key survey findings:

Internal collaboration and automation maturity remain major gaps: While 92% of respondents said threat intel sharing is “absolutely crucial” or “very important,” only 13% said their automation between CTI and SecOps tools is working well.

AI optimism is high, but its implementation is still uneven: 78% of respondents believe AI will improve threat intel sharing within their organisation, but only 43% say it’s made a meaningful impact so far.

Threat intel sharing is not occurring in real time: Only 17% of teams share threat intel across roles like SecOps, IR, and vulnerability management in real time, while another 25% do so daily. 22% reported sharing information rarely or not at all.

External threat intel sharing collaboration has much room for improvement: While 57% of respondents said their organisation collaborates with industry peers to improve threat intel, 30% were unsure if such collaboration even exists.

Automation gaps persist: More than half of respondents (56%) reported either significant or moderate challenges automating workflows across CTI and SecOps teams.

ISAC participation is low or unknown: Only 18% confirmed that their organisation is part of an Information Sharing and Analysis Center (ISAC) or Organisation (ISAO), while 45% said they didn’t know. That lack of clarity could be limiting access to valuable sector-specific threat insights — and further compounding intelligence silos.

The survey results reflect growing urgency to bridge the gap between threat intel awareness and execution. As cyber threats grow more complex and coordinated, Cyware is helping organisations unify threat ingestion, sharing, and response — powered by AI and hyper-automation.

AI is now the leading security concern

Posted 7 hours ago by Phil Alsop
AI surpasses ransomware as the top concern, as organizations navigate the double-edged sword of innovation and risk.

Workforce crisis sparks debate over HR & IT merger

Posted 7 hours ago by Phil Alsop
New study of global tech leaders finds IT leaders believe combining functions could boost productivity and engagement.
Seventy-seven per cent of engineering leaders identify building AI capabilities into applications to improve features and functionality as a...

Data streaming enables AI product innovation

Posted 4 days ago by Phil Alsop
In the largest global report on data streaming, 89% say DSPs make AI adoption easier.
73% are investing in AI-specific security tools with either new or existing budgets.
Public sector organizations recognize the potential of AI for enhancing decision making, improving service delivery and driving operational...

AI calls for cyber resilience rethink

Posted 1 week ago by Phil Alsop
Unveiled at the RSAC™ Conference, the 2025 LevelBlue Futures Report finds only 29% of executives are prepared for AI-powered threats, despite...
New study reveals average 29 point gap in sentiment between business and the public across all technologies.