New Research Highlights Low Operational Maturity, Limited Sharing Practices and Growing Demand for AI-powered Support
Cyware, the leader in threat intelligence management, security collaboration, and orchestrated response, released new research revealing that a majority see the importance of having a Threat Intelligence Program and have started a Program. However, 80% of respondents recognise their threat intelligence programs are not fully operationalised, highlighting a significant opportunity for threat intelligence automation. The findings, gathered from security professionals at InfoSec Europe 2025, expose critical gaps in the maturity and automation of legacy threat intelligence platform capabilities, as well as a growing appetite for AI-driven solutions to augment speed, context and actioning of threat intel.
Also Read: CIO Influence Interview with Dipto Chakravarty, Chief Product and Technology Officer at Black Duck
Further survey results support this gap in operationalised threat intelligence, where 30% noted they are grappling with too many feeds with too little context, followed by a lack of automation/playbooks capabilities at 29%, and insufficient dedicated staff at 18%. All of these challenges reflect the need for maturing and operationalising threat intelligence that can be addressed with an AI-driven, automation-rich threat intelligence platform (TIP).
Survey responses identified the most in-demand TIP capabilities as follows: automation (48%), contextualisation and enrichment (37%) and more accurate risk scoring (34%). “We are excited to see this validation, coming straight from security practitioners, for how we’ve designed automation across the threat intelligence management lifecycle,” said Anuj Goel, CEO and Co-founder of Cyware. “Our unified threat intelligence solution automates ingestion, normalisation, de-duplication, enrichment and all the way through to threat actioning, facilitating and accelerating the full threat workflow.”
Also Read: About IoT Security: Challenges and Tips for a Hyperconnected World
“The survey confirms what many in the industry are already feeling – that traditional approaches to threat intelligence are no longer enough,” said Brett Candon, VP International at Cyware. “Security teams need AI-powered tools that can enrich data with context, automate time-consuming workflows and support real-time decision making. The opportunity is an augmented system from AI and automation that maintains human verification or oversight while improving their capacity to defend against the volume and complexity of threats.”
Additional key research findings include:
- Only 20% of respondents said they are “fully operationalised” in their use of threat intelligence with response integration–reflecting the gap in legacy TIP with current threat intelligence program requirements.
- Of those using a legacy TIP, only 17% use it to automate response workflows and 27% to enrich incidents and alerts–exposing untapped potential in modern TIPs.
- Only 16% of TIP users are currently sharing intelligence with partners or peers, despite nearly 75% recognising a need to improve sharing practices–further identifying opportunities with modern TIP capabilities.
- Only 38% of organisations have a defined threat intel sharing process that includes their supply chain, suggesting a missed opportunity for building greater resilience through collaboration.
- 39% identified AI-assisted correlation of IOCs and TTPs as the most valuable capability in an AI-powered TIP.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
