Connect with us

Hi, what are you looking for?


Management & Strategy

Enterprise Security Pros Embracing Threat Intelligence, But Question Reliability: Survey

Awareness of the role threat intelligence can play in improving cyber security may be growing, but some still remain unsold on its effectiveness, a new study has shown.

Awareness of the role threat intelligence can play in improving cyber security may be growing, but some still remain unsold on its effectiveness, a new study has shown.

In a new report from the Ponemon Institute commissioned by Webroot, 80 percent of the IT professionals surveyed that had experienced a breach during the past two years said they felt threat intelligence would have helped prevent or minimize the consequences of the attack. The stat is telling, as 40 percent of the 693 people participating in the survey said their organization had been breached during that period.

However, the overall numbers tell a slightly different story. While 53 percent said threat intelligence was critical to having a strong security posture, 47 percent did not agree. According to the report, this may be due to the quality of threat intelligence, which in some cases has not evolved to the point where some consider it a critical component of IT security strategy.

In fact, later in the survey, many organizations indicated that while they are increasing the amount of intelligence data they consume, much of it is not considered all that useful. While 45 percent of respondents say they are increasing the amount of intelligence data they receive, just nine percent classified the accuracy of that intelligence as “very reliable.” In addition, on a scale of one to 10, with 10 being the best, 36 percent rated the accuracy of intelligence as a 3 or a 4. 

Larry Ponemon, chairman of the Ponemon Institute, said one of the main misconceptions organizations have about threat intelligence is that technology alone is sufficient for having actionable and reliable information. Those companies underestimate the need for hiring experts to manage the process of using the intel, he said. 

“This is especially the case when applying threat intelligence to big data analytics and SIEM that require a much greater knowledge and expertise in IT security,” he explained.

Companies also sometimes overlook the opportunity to improve the intelligence they receive by not working with their peers and sharing threat intelligence, he added.

Advertisement. Scroll to continue reading.

“The financial services sector is an example of an industry that shares threat intelligence effectively because of the similarity in ways they are targeted and attacked,” he said. “In the study only 24 percent are exchanging threat intelligence with companies in the same industry.”

Still, 34 percent said their organizations plan to expand their threat intelligence budget signficantly during the next two years. Forty-nine percent of the companies using threat intelligence said they use “fee-based” services, with most (80 percent) believing they are better than free sources of intelligence. Only 15 percent said their process for using actionable intelligence from external sources – such as vendor-supplied threat feeds to predict malicious IP activity – is highly effective. Twenty-five percent of respondents said they are highly effective in using actionable intelligence from internal sources.

“Wider adoption of threat intelligence processes and solutions may occur when companies begin to look at the economics of reducing the consequences of an attack using real time monitoring tools,” Ponemon said. “Many companies may think it is too expensive to make such an investment without considering how much downtime and cost could be reduced by uncovering attacks that circumvent traditional defenses.”

Businesses are struggling to identify and stop new threats because they are being forced to assess the risk of more unknown objects than ever before and their traditional security technologies cannot keep up, Patrick Kennedy, vice president of enterprise marketing at Webroot, said in a statement.

“The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks,” he said. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.