The Second Annual Ponemon Study - The Value of Threat Intelligence

Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies." The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating threat intelligence into their security programs, with 80% of North American respondents using threat intelligence (up from 65% in 2016). Whether or not their organization currently has a threat intelligence program, 84% of participants agreed that threat intelligence is “essential to a strong security posture.”

Despite increased adoption, many of the challenges of threat intelligence remain the same. 69% of respondents indicated that threat intelligence data is too voluminous and complex to provide actionable intelligence. Other top reasons for threat intelligence ineffectiveness include:

  • 71% Lack of staff expertise
  • 52% Lack of ownership
  • 48% Lack of suitable technologies

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, commented on these challenges, stating, “It’s abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption. Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization’s security program. The significant growth in adoption over the past year is encouraging as it indicates widespread recognition of the value threat intelligence provides.”

Respondents identified a few key factors to successfully establishing a threat intelligence program, including:

  • 80% Deploying a threat intelligence platform
  • 65% Integrating SIEM with a threat intelligence platform
  • 54% Having a qualified threat analyst on-staff

Many organizations choose to leverage a threat intelligence platform (TIP) because they are useful for automating tasks, weeding out false positives, adding context, and integrating with existing security solutions. Threat intelligence platforms also prove critical for threat intelligence sharing, which remains a challenging task for security professionals. Only 50% of respondents currently participate in industry-centric sharing initiatives such as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant intelligence, collaboration with peers, and networking with other security teams. Of those organizations, the majority (60 percent) only receive threat intelligence through ISACs but do not contribute intelligence. The biggest hurdles to outbound intelligence sharing include a lack of expertise (54 percent) followed by fear of revealing a breach (45 percent).

The study also uncovered an interesting disparity in threat intelligence sharing between U.K. organisations and their U.S. counterparts:

  • 43% of U.S. respondents are part of an ISAC, while just 33% of UK businesses are, showing a potential lag in cyber security maturity
  • 35% U.K. organisations share intelligence with government associations, versus 26% U.S. businesses, demonstrating a willingness to help with attribution of cyber attacks

To learn more, download the free report or listen to a podcast interview with the author of the report, Larry Ponemon


Subscribe to the Anomali Newsletter

Get the latest Anomali updates and cybersecurity news straight to your inbox each month.

Subscribe Now