
AI & automation key to improving threat intelligence maturity
A new survey by Cyware indicates that a significant proportion of IT professionals believe their organisations' threat intelligence programmes are not functioning at an optimal level.
The research, based on responses from security professionals, reveals that 80% of IT professionals see their threat intelligence programmes as not fully operationalised, emphasising ongoing challenges in the operational maturity and automation of legacy threat intelligence capabilities. The results underscore a developing interest in AI-driven technology to accelerate, contextualise, and automate threat detection and response across organisations.
Automation challenges
The survey found that 30% of respondents are dealing with too many threat intelligence feeds that carry insufficient contextual information. In parallel, 29% cited a lack of automation or playbooks as a barrier to operational effectiveness, while 18% noted insufficient dedicated staff for threat intelligence. These factors collectively highlight the need for advanced threat intelligence platforms enriched with AI and automation.
Automation was ranked as the most desirable capability for threat intelligence platforms (TIPs), with 48% of those surveyed identifying it as a priority. This was closely followed by contextualisation and enrichment at 37%, and improved risk scoring at 34%.
"We are excited to see this validation, coming straight from security practitioners, for how we've designed automation across the threat intelligence management lifecycle," said Anuj Goel, CEO and Co-founder of Cyware. "Our unified threat intelligence solution automates ingestion, normalisation, de-duplication, enrichment and all the way through to threat actioning, facilitating and accelerating the full threat workflow."
Over half (51%) of cybersecurity professionals surveyed believe artificial intelligence is best placed to automate threat triage and prioritisation. However, supporters of automation are cautious: 61% indicated they would trust AI agents to take only limited autonomous actions, such as blocking indicators of compromise or quarantining endpoints, provided there is human oversight.
Maturity and sharing gaps
The results also illustrated deficiencies in the operational maturity of threat intelligence programmes. Only 20% of respondents claimed their threat intelligence with response integration was "fully operationalised", revealing a gap between what legacy TIPs deliver and current programme requirements.
Of those using legacy threat intelligence platforms, only 17% employ them to automate response workflows and 27% use them to enrich incidents and alerts. This points toward unexploited potential in more modern platforms.
Despite nearly three-quarters of respondents (74.7%) recognising the need to improve sharing practices, only 16% are actually sharing intelligence with partners or peers. Furthermore, just 38% of organisations polled reported having a defined threat intelligence sharing process that includes their supply chain. These figures suggest untapped opportunities for increasing resilience through improved collaboration and information sharing.
AI-assisted correlation of indicators of compromise and tactics, techniques and procedures was identified as the most valuable AI-powered TIP capability by 39% of survey participants.
Growing demand for AI
Brett Candon, VP International at Cyware, commented on how the findings echo an industry-wide sentiment about the limits of traditional tools:
"The survey confirms what many in the industry are already feeling – that traditional approaches to threat intelligence are no longer enough. Security teams need AI-powered tools that can enrich data with context, automate time-consuming workflows and support real-time decision making. The opportunity is an augmented system from AI and automation that maintains human verification or oversight while improving their capacity to defend against the volume and complexity of today's threats."
The research also showed a significant preference among IT professionals for automating triage and prioritisation processes, albeit with continued human involvement in the execution phase. 61.3% of respondents agreed that they would trust AI agents with automated actions, as long as human oversight remains in place.
Cyware's findings shed light on persistent gaps in operational maturity, process automation and intelligence sharing within cybersecurity, alongside a demand from IT professionals for solutions that balance automation and AI with human judgement and control.