State of Threat Intelligence: Investment and Trends - Dark Reading

THREAT INTELLIGENCE State of Threat Intelligence: Investment and Trends Recorded Future’s CISO shares results from the 2025 State of Threat Intelligence Report, which shows that investment is up and programs are maturing. November 17, 2025 4 Min Read SOURCE: ALEKSEY FUNTAP VIA ALAMY STOCK PHOTO Sponsored by Recorded Future It’s no surprise that, as CISO of a threat intelligence company, I lead an intelligence-first security organization. My team is customer zero for Recorded Future solutions, so we’re constantly pushing the boundaries of what our Platform can do — both to strengthen our own security posture and to find new ways to help our customers strengthen theirs.  But as our founder Christopher Ahlberg said at our recent Predict 2025 conference, the vast majority of CISOs and other security leaders in every industry share the same vision. Whether our organizations are large or small, and whether we’re just starting out with threat intelligence or we’re far along in our maturity journeys, we have a desire for our intelligence to work as fast as our adversaries. We want to instantly turn insight into action. And we want to prove the value of our intelligence investments. So, how is everyone doing in the quest to achieve that vision?  Related:Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 To find out, Recorded Future takes the pulse of the cybersecurity industry every year and shares what we learn in our annual State of Threat Intelligence Report. This year, we surveyed 615 cybersecurity executives, managers, and practitioners to find out exactly how they’re using threat intelligence to protect their organizations, the challenges they face, and how they plan to invest in threat intelligence and evolve their programs over the next few years.  Their responses showed that, while there are some big challenges to work through, enterprises clearly understand the value of threat intelligence and are striving to make the most of it. Threat intelligence adoption, usage, and spending are up The report reveals that strategic planning and investment has become one of the most common threat intelligence use cases. Many organizations use threat intelligence to guide strategic business decisions related to technology purchasing decisions, risk assessments, and resource allocation. When threat intelligence is part of executive and board-level conversations, it has the ability to influence many strategic decisions, such as where to invest, which risks to accept, and how to respond to regulation.  The report also shows that eighty-three percent of respondents’ companies now have full-time threat intelligence teams, and 89% pay for at least one threat intelligence vendor.  And as far as investment goes, 76% spend US$250k or more a year on external threat intelligence products (excluding services), and 14% spend more than US$1 million a year. Despite challenges, security leaders are maturing their programs Related:Attackers Abuse LiveChat to Phish Credit Card, Personal Data Even as companies invest more heavily in improving their threat intelligence programs, they're running into some headaches with vendors. Forty-eight percent said they struggle to integrate their external threat intelligence vendor into their existing security tools, and many are also questioning whether their vendors are trustworthy (50%) and whether they're actually getting their money's worth (32%). Still, the survey found that security teams are getting better at what they do every year, with 49% now rating their program’s maturity as “advanced” as compared to 45% in 2024. In other words, more organizations say their security tools blend insights from different threat intelligence sources, they’ve got dedicated people focused on threat intelligence full-time, and they've automated workflows to integrate threat intelligence into multiple areas of their security programs. Where will leaders take their programs from here? When we asked people how they plan to improve the maturity of their programs, their responses were telling. Ninety-one percent said they intend to put more money into threat intelligence next year, and 81% will consolidate duplicative vendors and focus on those that can handle these five critical capabilities well: Related:The Data Gap: Why Nonprofit Cyber Incidents Go Underreported Analyzing and contextualizing threats  Threat hunting and proactive detection  Supporting incident response and investigations  Vulnerability research and prioritization  Strategic threat landscape analysis and reporting  With these improvements in mind, 87% of respondents say they expect to significantly evolve their threat intelligence maturity over the next two years. Where does your program stand today? With modern threats constantly evolving and encompassing new malware families, new techniques, and new targets, it’s heartening to see that organizations are committed to investing in and evolving their use of threat intelligence.  Threat intelligence should amplify your team, not burden them. It should strengthen every tool you own. And your insights should transform into prevention, automatically. Dive into the details in the full 2025 State of Threat Intelligence Report to benchmark your program against your peers’ and find strategies to help accelerate your maturity journey. And explore our top 10 takeaways from Predict 2025, where we examined the future of intelligence-driven, autonomous defense.   By Jason Steer, CISO, Recorded Future About the author: Jason Steer is CISO at Recorded Future. Jason has global responsibility for ensuring the protection, integrity, and confidentiality of all customer-facing services, internal operational systems, and related information assets. He has previously held positions at a number of successful security companies, including IronPort, Veracode, and FireEye. Jason’s expert commentary has been featured in BBC, CNN, and Al Jazeera, and he has worked with both the EU and UK Governments on cybersecurity strategy. Read more about: Sponsor Resource Center More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like THREAT INTELLIGENCE React2Shell Exploits Flood the Internet as Attacks Continue by Rob Wright DEC 12, 2025 THREAT INTELLIGENCE Chinese Gov't Fronts Trick the West to Obtain Cyber Tech by Nate Nelson, Contributing Writer OCT 06, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 THREAT INTELLIGENCE What CISA's Red Team Disarray Means for US Cyber Defenses by Becky Bracken, Senior Editor, Dark Reading MAR 21, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ APPLICATION SECURITY Microsoft Patches 83 CVEs in March Update byJai Vijayan MAR 11, 2026 4 MIN READ THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE