The current state of threat intelligence | Cyber Security Hub - Cyber Security Hub

Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense Filter Categories The current state of threat intelligence Exploring the trends, challenges and investment opportunities that exist in the digital age Add bookmark Olivia Powell 09/13/2023 16 Shares Share Post Share Email Share As the threat landscape evolves, threat intelligence must work harder and faster to anticipate emerging, dangerous threats. Cyber Security Hub research has found that globally, 84 percent of companies have experienced a cyber attack in the past 12 months.  In this report, Cyber Security Hub explores the current state of threat intelligence, how threat intelligence is evolving and the future of threat intelligence. It offers relevant statistics, expert insight and case studies that highlight the importance of threat intelligence to good cyber security. Key takeaways: The current state of threat intelligence. How to overcome common threat intelligence issues. The future of threat intelligence. The current state of threat intelligence Threat intelligence covers investigation, data collection and attack analysis with the aim of understanding why and how an attack was launched. It helps cyber security professionals understand why malicious actors target certain people or organizations. Based on their own threat intelligence analysis, cyber security professionals told Cyber Security Hub they expect key employee/role targeting, malware and ransomware to be the threat vectors that will have the biggest impact in 2023. These threat predictions seem set to become reality: 81 percent of companies reported they experienced cyber attacks that directly targeted employees, eight in 10 cyber security professionals said ransomware is a “danger” and a “threat” to public safety, and more than one billion malware programs are believed to be active around the world. Research by Cyber Security Hub found that 25 percent of cyber security professionals believe threat intelligence is the most important priority for cyber security investment in 2023, with the threat intelligence market predicted to grow from US$4.93 billion in 2023 to $18.11 billion in 2030. Jojo Nufable, group IT infrastructure and cyber security head at Philippines-based hospital operator Metro Pacific Health Solutions, notes that threat intelligence is integral to ensuring that companies can withstand and recover from cyber attacks.  “Threat intelligence encourages the use of applying best practice, paving the way for cyber security teams to see threats and risks before they are realized,” he explains. “This is the best course of action as it means they are able to remediate before an attack is in full swing.  “Threat intelligence also helps to minimize false positive and high noise feeds of security events and information and streamlines threat response by having an adaptive and agile incident response management system,” he adds. By focusing on threat intelligence, companies ensure that they are in a better position to respond to threats as they are being proactive rather than reactive. This allows them to stop malicious actors before they cause damage to their networks. What prevents threat intelligence from being effective? There are numerous challenges cyber security professionals encounter when collecting and applying data used to inform threat intelligence. When surveyed by Cyber Security Hub, 38 percent of cyber security professionals said their biggest non-threat-based challenge was a lack of company-wide training/understanding of cyber security, and 37 percent cited the integration of cyber security into company culture. The impact on threat intelligence from both challenges means cyber security teams need to be extra vigilant in the face of other employees who will not understand how to safeguard against the cyber attacks their organizations are most likely to face. Telecommunications company Verizon found that 74 percent of all data breaches include a human element. Whether through human error, privilege misuse, the use of stolen credentials or social engineering-based attacks, the importance of properly educating employees cannot be understated. Kim Crawley, cybersecurity expert and author of upcoming book Hacker Culture: A to Z (set to be published in October 2023), says that threat intelligence can help companies ensure that the right incident detection, response and recovery process is in place for the threat vector they are facing.  “Threat intelligence is most effective when an organization can determine that "x" is a vulnerability in their networks and threat modelling determines that attackers would exploit "x" by doing "y". Then you look for intelligence pertaining to "x" being used for "y." That way you can gather threat intelligence that's actually useful and relevant,” she explains. Anthony Lim, fellow of cyber security and governance at Singapore University of Social Sciences, notes that threat intelligence must be used to create a proper, working and tested incident response plan.   Lim explains that this was seen in the inquiry report for the biggest data breach case in Singapore to date. The 2018 cyber attack saw unknown state actors steal the data of 1.5 million patients from the country’s largest healthcare group, SingHealth. The breach took place between June 27 and July 4, 2018, and was committed by hackers directly targeting Prime Minister Lee Hsien Loong. An investigation into the breach revealed that the malicious actors had created and deployed custom malware with the aim of circumventing SingHealth’s cyber security tools. It was also revealed that cyber security vulnerabilities flagged in a 2016 internal audit had not been rectified prior to the attack. Lim explains that the investigation also found that the company’s incident response management was broken and if it had not been, the attack could have been prevented. “Although [SingHealth] did have an incident response plan, it fell short in three critical ways: staff were unaware of what to do, including how or when to report a cyber security incident and to whom. Instead of escalating the incident up the chain of command, it went unreported as employees tried to deal with it on their own; staff did not have adequate cyber security awareness and training, meaning they were unable to understand the severity of the attack or how to respond effectively to it; and though there was a framework in place to report cyber security incidents, employees were not sufficiently trained on how to use it,” Lim further explains. How has threat intelligence evolved? As threat vectors have evolved, so has threat intelligence. With the progress the digital age has brought, cyber security professionals have harnessed new technologies like artificial intelligence (AI) and machine learning (ML) to prevent malicious actors from gaining access to their networks. Additionally, cyber security professionals have changed their threat defense strategy from reactive to proactive. Instead of mitigating threats, cyber security professionals are working to wholly prevent them by using threat intelligence to inform a proactive incident response plan. This section will explore how threat intelligence is evolving with the introduction of new technologies and attitudes, including artificial intelligence and a move from reactive to proactive threat detection and response strategies. The adoption of AI and ML Artificial intelligence (AI) in cyber security was valued at US$10.5bn in 2020, has been forecast to increase to $46.3bn by 2027 and is fundamentally changing the way threat intelligence operates. By using AI, cyber security teams can solve common threat intelligence issues like lack of time, competing priorities and a lack of cyber security knowledge or expertise. For example, Google has introduced AI-powered threat intelligence to address “threat overload, toilsome tools and the talent gap”. Information technology and cybersecurity expert Amanda Fennell, an adjunct professor in the Tulane School of Professional Advancement, notes that there are many applications of AI within the realm of threat intelligence.   “From the lowest level of chip design to programming interfaces, there are optimization problems that AI may be able to find the information to solve. We are all on the lookout for those products that are linking as much telemetry as possible and learning from it in real time to prevent adversaries from gaining traction in the cyber realm,” she notes. Crawley shares that she believes the future evolution of cyber threats is being driven through more sophisticated and publicly accessible AI technologies, for example cyber criminals utilizing generative AI chatbot ChatGPT in a range of ways. She notes, however, that this does not mean the technology should be outlawed but that the cyber security community will need to pay better attention to how malicious actors use AI so they can stay a step ahead of them. Moving from reactive to proactive threat intelligence As threat intelligence technology has evolved, so has the approach to threat intelligence. Instead of creating a reactive incident response plan, which explains how to respond to current or ongoing cyber attacks, cyber security professionals are instead looking to create a cyber resilient culture.  Irina Tsukerman, US national security lawyer and geopolitical analyst, says: “The threat intelligence market is still ballooning. Research suggests the market size of global threat intelligence is expected to be at $16.1 billion by 2025. As the role of security teams will become bigger, their approach to incident response will move from reactive to proactive. They will collaborate and interact more at different levels and be responsible for offering threat intelligence that identifies risks and defines business goals. Moving forward, threat intelligence will enable security teams to effectively predict and prevent threats at the earliest and promote proactive threat response.” Cyber resilience revolves around detection and response, while cyber risk management means that companies make decisions on their threat intelligence strategy based on the company as an individual entity. By doing this, organizations identify the threat vectors they are most likely to come up against and make an incident response plan based on this. Final remarks Threat intelligence is an undeniably important part of cyber security. Only by investigating and analyzing cyber attacks can cyber security professionals form a proactive and effective incident response plan. Threat intelligence has grown and developed in tandem with the threat landscape; as malicious actors have started to utilize technologies like AI and ML, cyber security professionals have further developed their threat intelligence strategies. Likewise, as the rate and volume of cyber attacks increase, threat intelligence has moved from purely reactive to proactive. This helps both prevent attacks and mitigate them if they do occur. The internal culture of organizations has also changed, with those outside of cyber security teams recognizing the danger cyber security threats pose to the business as whole. This means that even those outside of the cyber security team are looking at how threats affect them and what they can do to prevent cyber attacks. It is important that current research into threats is used to inform threat intelligence strategies and that innovation continues in this area, thereby offering organizations the best chance of preventing and mitigating cyber security threats.  Tags: Cyber Security Cyber Security Incident Cyber Attack Comments You must Login or Subscribe to comment. Upcoming Events 16th Automotive Cybersecurity Summit 2026 March 18 - 19, 2026 Sheraton Ann Arbor Hotel, Ann Arbor, Michigan Register Now View Agenda View Event Digital Identity Week 1st - 2nd September 2026 Intercontinental Double Bay, Sydney Register Now View Agenda View Event Follow Us           Subscribe to our Free Newsletter Insights from the world’s foremost thought leaders delivered to your inbox. Subscribe Latest Webinars From Dependencies to Defences: Navigating Software Supply Chain Security 2025-09-24 11:00 AM - 12:00 PM SGT Learn how to defend your software supply chain from dependency threats and build resilient security... Unpacking global regulatory frameworks to enhance third-party operational resilience 2024-11-14 11:00 AM - 12:00 PM EST Join this webinar to explore the resilience-focused requirements of DORA, NIS2 and other global regu... Preventing financial and reputational risk with process intelligence 2024-05-23 11:00 AM - 12:00 PM EDT Learn how to manage risk stemming from poorly controlled processes in a collaborative way Recommended Online Ransomware defense: Moving beyond payment bans to true cyber security 2025-02-25 By Simon Pamplin Online How to educate employees on the risks of non-secure data transfer 2023-11-28 By Olivia Powell Online Securing data and systems with proactive penetration testing 2023-11-28 By Alex Vakulov Online 10 cyber security misconfigurations you should fix right now 2023-11-23 By Michael Hill Online How to educate employees on the risks of non-secure data transfer 2023-11-28 By Olivia Powell Online Securing data and systems with proactive penetration testing 2023-11-28 By Alex Vakulov Online 10 cyber security misconfigurations you should fix right now 2023-11-23 By Michael Hill Online When will AI be fully integrated into cyber security? 2023-04-05 By Olivia Powell FIND CONTENT BY TYPE News Case Studies Interviews White Papers Videos Cyber Security Hub COMMUNITY About Us Power10 Contact Us Advertise with us Cookie Policy User Agreement Become a Contributor All Access from CS Hub Become a Member Today Media Partners ADVERTISE WITH US Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market. Advertise Now JOIN THE Cyber Security Hub COMMUNITY Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more. Become a Member Today Cyber Security Hub, a division of IQPC © 2026 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings. Careers With IQPC | Contact Us | About Us | Cookie Policy We use cookies and similar technologies to recognize your visits and preferences, as well as to measure the effectiveness of campaigns and analyze traffic. To learn more about cookies, including how to disable them, view our Cookie Policy OK Privacy Preference Center When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Allow All Manage Consent Preferences Strictly Necessary Cookies Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Performance Cookies Always Active These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. Functional Cookies Always Active These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Targeting Cookies Always Active These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Cookie List Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Confirm My Choices