Cyware has released the results of an onsite survey conducted at RSA Conference 2025. The survey captured insights from 100 cybersecurity executives and professionals across enterprises, government agencies, and service providers about how organisations are operationalising threat intelligence across their security operations.
The findings reveal a sharp disconnect between awareness and action: While nearly all respondents (92%) said collaboration and information sharing are either “absolutely crucial” or “very important” in the fight against cyber threats, the data tells a different story when it comes to the adoption of this practice. Only 13% said their current automation between cyber threat intelligence (CTI) and SecOps tools is working well, and nearly 40% struggle to coordinate data across critical security tools like Threat Intelligence Platforms (TIPs), SIEMs, and vulnerability management platforms.
“The RSAC survey data reveals a serious gap between that belief and the operational reality,” said Anuj Goel, Co-founder and CEO of Cyware. “Threat intelligence isn’t just about collecting data — it’s about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations.”
Key survey findings:
Internal collaboration and automation maturity remain major gaps: While 92% of respondents said threat intel sharing is “absolutely crucial” or “very important,” only 13% said their automation between CTI and SecOps tools is working well.
AI optimism is high, but its implementation is still uneven: 78% of respondents believe AI will improve threat intel sharing within their organisation, but only 43% say it’s made a meaningful impact so far.
Threat intel sharing is not occurring in real time: Only 17% of teams share threat intel across roles like SecOps, IR, and vulnerability management in real time, while another 25% do so daily. 22% reported sharing information rarely or not at all.
External threat intel sharing collaboration has much room for improvement: While 57% of respondents said their organisation collaborates with industry peers to improve threat intel, 30% were unsure if such collaboration even exists.
Automation gaps persist: More than half of respondents (56%) reported either significant or moderate challenges automating workflows across CTI and SecOps teams.
ISAC participation is low or unknown: Only 18% confirmed that their organisation is part of an Information Sharing and Analysis Center (ISAC) or Organisation (ISAO), while 45% said they didn’t know. That lack of clarity could be limiting access to valuable sector-specific threat insights — and further compounding intelligence silos.
The survey results reflect growing urgency to bridge the gap between threat intel awareness and execution. As cyber threats grow more complex and coordinated, Cyware is helping organisations unify threat ingestion, sharing, and response — powered by AI and hyper-automation.
