On April 6, 2023, CSO reported on a research report from ESG on the challenges that face cyber security leaders when making decisions based on cyber threat intelligence. According to the report, “95% of enterprise organizations (those with more than 1,000 employees) have a threat intelligence budget, and 98% plan to increase spending on threat intelligence over the next 12 to 18 months.”
ESG reports that they “380 cybersecurity professionals at organizations in North America (US and Canada) with knowledge of and participation in their organization’s CTI programs.”
Key takeaways from the ESG report include:
- 85% of security professionals believe their CTI program requires too many manual processes.
- 82% percent of security professionals believe that CTI programs are often treated as academic exercises.
- 72% of security professionals believe that it is hard to sort through CTI noise to find what’s relevant for their organizations.
- 71% of security professionals say it is difficult for their organizations to measure ROI on its CTI program.
- 63% percent of security professionals say that their organization doesn’t have the right staff or skills to manage an appropriate CTI program.
RH-ISAC Community Comparison
In the 2022 CISO and Practitioner Benchmarks, the RH-ISAC research team surveyed membership about their perception of their organizations’ capabilities and skill sets. A key divergence in the RH-ISAC benchmarks and the ESG report is that an overwhelming majority of RH-ISAC members feel that their skillsets are adequate for a successful CTI program. A key similarity between the findings is that lacking toolsets are identified as a key challenge.
In the Practitioner Benchmark Report, we found:
- 66% of member analysts reported CTI as a key job function.
- 18% of member analyst ranked their CTI skills as beginner level, 34% ranked their skills as intermediate, 28% ranked their skills as advanced, and 14% ranked their skills as expert.
- 66% of member analysts identified understaffing as a key challenge to job effectiveness, with overtasking (55%), lack of environmental visibility (45%), and inadequate toolsets (32%) filling out the list.
- 93% of practitioners feel they have the necessary skill sets they need to perform their jobs effectively, and more than 80% believe their teams have the necessary skill sets to effectively protect critical assets and information.
- 87% said their organization enables them to develop the skillsets they need to be effective in their current roles.
- 26% of practitioners said threat intelligence is a top organizational risk, and 7% identified threat intelligence as a top initiative for 2023.
In the CISO Benchmark Report, we found:
- CISOs outlined CTI as the fourth priority in their responsibilities, behind security ops, vulnerability management, and security awareness.
- Threat intelligence was a top outsourced capability, with between 38% of respondents saying they outsourced their CTI capability.
Threat intelligence was the second organizational risk for CISOs, with 29% of respondents identifying CTI as a major concern.