RSA Conference Survey Reveals That 92% Believe Threat Intelligence Is Critical — But Most Organizations Still Struggle to Operationalize It

Cyware survey identifies significant gaps in internal collaboration, tool integration, and automation — with only 13% confident their systems currently work well

Cyware, the industry leader in threat intelligence operationalization, collaboration, and orchestrated response, today released the results of an onsite survey conducted at RSA Conference 2025. The survey captured insights from 100 cybersecurity executives and professionals across enterprises, government agencies, and service providers about how organizations are operationalizing threat intelligence across their security operations.

The findings reveal a sharp disconnect between awareness and action: While nearly all respondents (92%) said collaboration and information sharing are either “absolutely crucial” or “very important” in the fight against cyber threats, the data tells a different story when it comes to the adoption of this practice. Only 13% said their current automation between cyber threat intelligence (CTI) and SecOps tools is working well, and nearly 40% struggle to coordinate data across critical security tools like Threat Intelligence Platforms (TIPs), SIEMs, and vulnerability management platforms.

“The RSAC survey data reveals a serious gap between that belief and the operational reality,” said Anuj Goel, Co-founder and CEO of Cyware. “Threat intelligence isn’t just about collecting data — it’s about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations.”

Key survey findings:

• Internal collaboration and automation maturity remain major gaps: While 92% of respondents said threat intel sharing is “absolutely crucial” or “very important,” only 13% said their automation between CTI and SecOps tools is working well.
• AI optimism is high, but its implementation is still uneven: 78% of respondents believe AI will improve threat intel sharing within their organization, but only 43% say it’s made a meaningful impact so far.
• Threat intel sharing is not occurring in real time: Only 17% of teams share threat intel across roles like SecOps, IR, and vulnerability management in real time, while another 25% do so daily. 22% reported sharing information rarely or not at all.
• External threat intel sharing collaboration has much room for improvement: While 57% of respondents said their organization collaborates with industry peers to improve threat intel, 30% were unsure if such collaboration even exists.
• Automation gaps persist: More than half of respondents (56%) reported either significant or moderate challenges automating workflows across CTI and SecOps teams.
• ISAC participation is low or unknown: Only 18% confirmed that their organization is part of an Information Sharing and Analysis Center (ISAC) or Organization (ISAO), while 45% said they didn’t know. That lack of clarity could be limiting access to valuable sector-specific threat insights — and further compounding intelligence silos.

The survey results reflect growing urgency to bridge the gap between threat intel awareness and execution. As cyber threats grow more complex and coordinated, Cyware is helping organizations unify threat ingestion, sharing, and response — powered by AI and hyper-automation.

To learn how Cyware is helping organizations transform threat intelligence into coordinated defense, visit www.cyware.com.

About Cyware

Cyware is leading the industry in operational threat Intelligence and collective defense, helping security teams transform threat intelligence from fragmented data points to actionable, real-time decisions. We unify threat intelligence management, intel sharing and collaboration, as well as hyper-orchestration and automation — eliminating silos and enabling organizations to outmaneuver adversaries faster and more effectively.

From enterprises to government agencies and ISACs, Cyware empowers defenders to turn intelligence into impact.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250520357677/en/

“Threat intelligence isn’t just about collecting data — it’s about connecting people, processes, and platforms to act on it," said Anuj Goel, Co-founder and CEO of Cyware.