Threat intelligence is crucial but organizations struggle to use it
While 92 percent of respondents to a new survey say collaboration and information sharing are either 'absolutely crucial' or 'very important' in the fight against cyber threats, the results tell a different story when it comes to the adoption of this practice.
The study from Cyware, conducted among cybersecurity professionals at the RSA Conference 2025, finds only 13 percent say their current automation between cyber threat intelligence (CTI) and SecOps tools is working well. Nearly 40 percent day they struggle to coordinate data across critical security tools like Threat Intelligence Platforms (TIPs), SIEMs, and vulnerability management platforms.
"The RSAC survey data reveals a serious gap between that belief and the operational reality," says Anuj Goel, Co-founder and CEO of Cyware. "Threat intelligence isn't just about collecting data -- it's about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations."
Where AI is concerned optimism is high, but its implementation is still uneven. 78 percent of respondents believe AI will improve threat intel sharing within their organization, but only 43 percent say it’s made a meaningful impact so far.
Only 17 percent of teams share threat intel across roles like SecOps, IR, and vulnerability management in real time, while another 25 percent do so daily. 22 percent report sharing information rarely or not at all. While 57 percent of respondents say their organization collaborates with industry peers to improve threat intel, 30 percent are unsure if such collaboration even exists.
Automation efforts are also mixed, 56 percent report either significant or moderate challenges automating workflows across CTI and SecOps teams.
Only 18 percent say that their organization is part of an Information Sharing and Analysis Center (ISAC) or Organization (ISAO), while 45 percent say they don't know. That lack of clarity could be limiting access to valuable sector-specific threat insights -- and further compounding intelligence silos.
You can learn more on the Cyware site.
Image credit: Awargula/Dreamstime.com