Key Takeaways
- Intelligence drives better decisions. High-performing teams use threat intelligence not just for detection, but to inform strategic business decisions and communicate risk to leadership.
- Maturity means efficiency. Advanced programs focus on automation, high-fidelity indicators, and cross-functional collaboration—freeing analysts to concentrate on strategic initiatives.
- Information overload is the top challenge. Teams need better integrations and AI-powered tools to transform massive data volumes into actionable insights.
- AI will reshape the analyst role. While junior analysts won’t be replaced, their workflows will evolve significantly as AI augments their capabilities.
Recorded Future recently hosted two webinars to unpack key insights from the 2025 State of Threat Intelligence Report. The discussions provided an opportunity to hear directly from customers who are implementing these findings into their operational frameworks.
The report, based on survey responses from 615 cybersecurity executives and practitioners, revealed significant trends in the industry. Predominantly, threat intelligence spending is on the rise, with a striking 76% of organizations allocating over $250,000 annually. Looking ahead, an impressive 91% of respondents intend to increase their spending in 2026. This upward trajectory underscores a critical belief; a whopping 87% anticipate enhancing the maturity of their threat intelligence programs within the next two years.
Intelligence as a Strategic Asset
The recent webinars showcased the transformative impact of robust threat intelligence on decision-making processes within organizations. Jack Watson, Senior Threat Intelligence Analyst at Global Payments, highlighted the importance of understanding the complexity of threats. He emphasized that “one alert opened and one alert closed does not necessarily equate to one single adversary being stopped,” promoting a more comprehensive approach to problem-solving.
Omkar Nimbalkar, Senior Manager of Cyber Threat Research and Intelligence at Adobe, shared insights about recognizing patterns within their cybersecurity landscape. He noted, “Once you start doing this work day in and day out, you uncover patterns in your environment,” enabling teams to articulate their risk posture effectively and educate the business on emerging threats.
Ryan Boyero, Recorded Future’s Senior Customer Success Manager, reaffirmed the necessity of context and storytelling in risk communication. “You can have a precursor or malicious activity that has occurred,” he remarked, “but without threat intelligence, you can’t really tell the story or paint the picture that aids senior leadership in making informed decisions.” This underscores the crucial role of intelligence in linking technical details to business imperatives.
How Threat Intelligence Delivers Organization-Wide Value
Nimbalkar elaborated on how his team delivers targeted threat intelligence across different business units and product teams, allowing them to watch for specific behaviors and thwart targeted threats. This tailored approach exemplifies how intelligence can enhance cybersecurity posture across an organization.
Boyero further illustrated that Recorded Future’s clients in EMEA utilize threat intelligence to educate their leadership. “We’re able to inform leaders,” he explained, aiming not to instill fear, but rather to create a culture of awareness and preparedness. This educational approach encourages executives to understand the tools and measurements in place that ensure organizational success.
Erich Harbowy, Security Intelligence Engineer at Superhuman, noted that educating executives about risks is only part of the equation. His team leverages threat intelligence to demonstrate the value of their efforts, citing relevant statistics and featuring real-world incidents during discussions. “How do I prove my worth?” he questioned. “Give me the intel.” This statement highlights a growing need for cybersecurity professionals to justify their strategies and investments through measurable outcomes.
The Anatomy of a Mature Threat Intelligence Program
According to Nimbalkar, true maturity manifests when foundational tactical and operational aspects of threat intelligence work are completed. He emphasized that advancing maturity revolves around efficiency and optimization. This includes prioritizing high-fidelity indicators to enhance detection quality and limit noise in the system, actively engaging stakeholders, and developing refined workflows.
Watson described this maturity as the capacity to both ingest and action intelligence effectively. He pointed out the paradox where while acquiring data has become easier, filtering out noise remains a substantial challenge. Mature organizations are increasingly automating workflows and harnessing custom capabilities powered by AI to streamline their threat intelligence processes.
Pathways to Advancing Maturity
Nick Rainho, Senior Intelligence Consultant at Recorded Future, underlined that establishing clear intelligence requirements is vital for advancing maturity, especially within resource-limited scenarios. He advocates prioritizing low-hanging fruit to ensure that intelligence efforts align with the priorities set by senior leadership.
Boyero echoed this sentiment, emphasizing the importance of collaborating with leadership to define shared goals that the threat intelligence programs can achieve. This cooperative approach fosters a sense of ownership and engagement at every level, from analysts to executives.
Top Challenges for CTI Teams
The discussions highlighted information overload as a predominant hurdle for contemporary CTI teams. Watson remarked, “More data is better than less, but you must be able to whittle it down, or it’s useless.” This statement encapsulates the challenge many teams face in managing vast volumes of data without falling prey to distraction.
Nimbalkar identified the influx of new tools and advancements in AI as crucial factors contributing to information overload, stressing the need for improved integrations among tools that enhance the actionability of data. Rainho further advocated for robust out-of-the-box integrations, emphasizing that effective consumption of intelligence is contingent upon ease of access and usability.
Looking to the Future of Threat Intelligence
As the panelists reflected on the future landscape of threat intelligence, several predictions emerged. They concurred that AI will empower CTI teams to combat AI-driven threats more effectively at scale. Additionally, third-party risk management is poised to grow in significance as an essential proactive defense strategy.
They noted that digital threats are anticipated to outpace traditional threats, necessitating a shift in focus. Importantly, while junior analysts’ roles will evolve alongside the integration of AI, their positions will remain relevant. Instead of replacement, AI is seen as a tool that will enhance workflows and streamline operations, ensuring that analysts can focus on strategic and impactful tasks.
For those interested in exploring these insights further, recordings of the North America and EMEA webinar sessions are available for viewing. Additionally, the 2025 State of Threat Intelligence Report can be downloaded to gain further insights into how peers are currently evaluating, investing in, and operationalizing threat intelligence.
