Only 39% of Organizations Use Threat Intelligence to Prevent or Mitigate Cyberattacks

Published on
February 1, 2024

New York, NY, February 1, 2024 – The struggle to efficiently harness and optimize threat intelligence tools is a critical pain point for security teams. Recognizing this problem, the latest Cybersecurity Buyer Intelligence Research (CBIR) reportfrom CyberRisk Alliance, underwritten by eSentire and titled "Threat Intelligence: Organizations seek expertise and guidance to help build their CTI programs," offers an in-depth look at the challenges and successes experienced by security practitioners in the field.

“What’s immediately clear is that many organizations are flying blind,” said Bill Brenner, SVP of content strategy at CyberRiskAlliance. “Roughly six in 10 do not have a functioning threat intelligence operation, which could indicate they’re relying on ad hoc processes and guesswork to keep threats at bay. There’s an opportunity to control this chaos, but organizations will need help from experts and industry trailblazers. Our hope is that this report spurs conversation about what that help looks like and how we can get there.”

Key insights from the report include:

  1. Most organizations still procrastinate when it comes to threat intelligence Six in 10 organizations do not currently use threat intelligence to mitigate or prevent cyberattacks, but 55% plan to add it to their arsenal in 2024.
  2. Integration and real-time data analysis a must for cybersecurity threat intelligence (CTI) platforms Buyers of threat intelligence products prioritize solutions that easily integrate with existing infrastructure, offer real-time data analysis, and provide dashboard visibility of pertinent threat data. 90% of those polled in our CBIR rely on technical threat intelligence for information on threat actors, IP addresses,domains, URLs, and other risks, while 80% rely on tactical threat intelligence to combat immediate threats and enable real-time monitoring. 70% employ operational threat intelligence, focused on the day-to-day tactics, techniques, and procedures (TTPs) of threat actors, and 58% rely on strategic threat intelligence to provide insights into long-term trends and emerging threats for a non-technical audience.
  3. Automated response and machine learning on the horizon to enhance threat intelligence A majority (61%) of threat intelligence practitioners do not have a strategy for using automated response or machine learning. However, at least a third of respondents reported that they expect to scale up these capabilities in the next 12 months.
  4. Organizations seek assistance in implementing threat intelligence Security vendors have an opportunity to help organizations overcome challenges to implementing threat intelligence — including overall costs, disruption to workflows, enforcing zero trust, filling workforce gaps, and ensuring compatibility with legacy systems. Among the top challenges organizations face in implementing threat intelligence, those polled for our CBIR cited filtering out false positives/noisy data (65%), keeping pace with evolving threat intelligence (59%), and correlating security data across all sources (51%).

This report is not just an analysis of current practices but also serves as a resource for organizations aiming to bolster their cyber defenses by improving their use of threat intelligence tools.

For security practitioners seeking to overcome these hurdles and enhance their threat intelligence capabilities, the full Cybersecurity Buyer Intelligence Report (CBIR) is an important resource. Discover how to turn your threat intelligence tools into a formidable component of your security arsenal. Access the complete report here.

About CyberRisk Alliance

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and innovative events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, TECH EXPO Top Secret, Security Weekly, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, Cybersecurity Collaborative, ChannelE2E, MSSP Alert, and LaunchTech Communications. Learn more at

About eSentire

eSentire, Inc., the Authority in Managed Detection andResponse (MDR), protects the critical data and applications of 2000+organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability.By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire’s award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. Learn more at and follow us on LinkedIn.

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.