-
The State of Threat Management Report reveals that fragmented tools and manual processes are widening the gap between threat awareness and effective CTEM
-
Only 41% of organizations have a fully consolidated view of cyber risk exposure; security teams spend 42% of their time investigating risks that turn out to be low priority or non-exploitable
-
AI-driven CTEM processes expected to nearly double—from 37% to 59%—within two years; 88% agree that automation is essential to keep pace with the growing volume of risk
Filigran, the European open-source threat management company, released The State of Threat Management Report, a global study of 550 security decision-makers and practitioners conducted by independent research firm Vanson Bourne. The research reveals a striking disconnect: Even as Continuous Threat Exposure Management (CTEM) gains traction as an industry framework, the operational maturity to execute it remains elusive.
Also Read: CIO Influence Interview with Hugo Dozois-Caouette, CTO and Co-founder at MaintainX
The report identifies an “exposure gap”: the distance between knowing where threats exist and having the CTEM maturity to continuously prioritize and remediate them. Despite deploying an average of 14 different threat intelligence feeds, 61% of organizations say they cannot determine which vulnerabilities are most likely to be exploited in real-world attacks. Only 38% use threat intelligence within a continuous, fully automated validation process. Security teams spend an average of 42% of their time investigating risks that later prove low priority or non-exploitable.
“Visibility isn’t the problem. It’s that teams struggle to translate that visibility into action fast enough,” said Julien Richard, co-founder of Filigran. “Organizations are drowning in threat data from dozens of feeds and tools. Without continuous validation and intelligent prioritization, that data creates noise rather than clarity. Closing the exposure gap requires connecting threat intelligence directly to exposure validation and risk reduction in a continuous workflow.”
Visibility Remains Fragmented
Heavy investment in security tooling has not delivered a unified view of exposure. Only 41% of organizations report full consolidation of cyber risk visibility, and the gap is especially pronounced outside North America, where organizations are roughly 20 points behind on both consolidated visibility and continuous automated validation. Nearly 9 in 10 respondents agree that threat intelligence alone does not reduce risk unless it is continuously validated against actual exposure.
Regional Maturity Diverges Sharply
The maturity gap is not evenly distributed. For multinational organizations, the regional divide functions as a risk map: a breach is most likely to originate where the operational gap is widest.
North American organizations report the strongest operational maturity globally, with 52% reporting a fully consolidated view of cyber risk exposure—compared with a global average of 41%—and 51% using threat intelligence within a continuous, automated validation process. The U.S. specifically leads all surveyed countries in CTEM program adoption, with 58% reporting a fully established program, though U.S. organizations are also among the most likely to cite escalating attack frequency as their primary driver for investment.
EMEA falls in the middle of the global curve, with 37% reporting a fully consolidated view of exposure and 35% using continuous, automated validation. APAC reports the widest gap: just 31% have a fully consolidated view, and only 27% use continuous, automated validation—roughly half the North American rate.
Germany is the clearest exception to the regional pattern. At 58%, it leads all surveyed countries in automated validation adoption, and the dividend shows: German security teams report wasting just 27% of their time on low-priority or non-exploitable risks, compared with the global average of 42%—evidence that closing the automation gap returns real time to security teams, not just risk reduction.
Manual Processes Create a Prioritization Bottleneck
While 88% of respondents acknowledge that periodic assessments cannot keep pace with the speed of change in their environments, nearly half still rely completely or mostly on manual processes for vulnerability identification and threat analysis.
The bottleneck has real consequences: 84% agree that cyberattacks exploit known risks that are not prioritized. The top barriers to validating whether threats are exploitable include concern about disrupting systems (49%), excessive manual effort (46%), and poor integration with existing security processes (42%). Alert noise compounds the problem—89% say reducing it would help identify which alerts represent real business risk.
“This research quantifies a challenge security practitioners have been living with for years,” said Neena Sharma, Head of Customer and Product Marketing at Filigran. “The industry invested heavily in detection and intelligence, but without continuous validation and prioritization, organizations remain reactive. These findings reinforce why we are building the XTM platform—to give security teams the operational bridge from awareness to action.”
AI and Automation Emerge as the Path to Operational CTEM
Eighty-eight percent of security teams agree that without greater automation, they cannot keep up with the volume of risks they must assess. But AI adoption in exposure management is accelerating: currently, 37% of exposure management processes are AI-driven, and respondents expect that figure to reach 59% within two years.
While 95% of organizations agree greater automation would improve their confidence that teams are focused on the most important risks, only 38% have implemented continuous, automated validation.
The areas respondents say would benefit most from AI and automation are detecting vulnerabilities, misconfigurations, and exposures (59%); understanding which threats are relevant to their specific environment (56%); and validating whether exposures are realistically exploitable (54%).
Over the next 12–24 months, three-quarters of organizations plan to invest in both cyber risk quantification tools and exposure assessment capabilities. The urgency is clear: 93% agree that delaying improvements to how they manage cyber risk increases the likelihood of serious incidents, and 94% say a proactive cybersecurity posture in 2026 will depend on integrating threat intelligence with exposure management.
Catch more CIO Insights: What Does “Job-Ready” Really Mean in IT and Cybersecurity?
[To share your insights with us, please write to psen@itechseries.com ]
