Team Cymru has revealed findings from a recent survey indicating a disconnect between cybersecurity strategies and their execution in real-world scenarios. Conducted with 121 leaders in information security, the research highlights many organizations’ struggles to maintain real-time visibility of threats beyond their network perimeters. The survey, titled the Voice of Cybersecurity Strategist Report, was conducted online starting April 17, 2025, and sought input from professionals tasked with setting cybersecurity strategy and managing budgets across various industries.
The report found a significant prevalence of security breaches, with 50% of security practitioners reporting a major incident in the past year. Among those affected, 72% credited their threat hunting programs with effectively mitigating the impact or preventing the breach altogether. However, the report emphasizes a troubling lack of comprehensive visibility, revealing that only 38% of participants claimed to have a complete, real-time understanding of threats outside their organizations.
While 45% described their visibility as “good,” the gap between adequate and comprehensive visibility is critical for operational readiness. Team Cymru outlined a “confidence versus capability” disconnect in security programs, particularly within critical infrastructure and government sectors. Many respondents expressed frustration over external threat intelligence gaps, with 45% identifying insufficient real-time threat intelligence as a primary issue, while 42% cited difficulties in integrating external threat data with internal tools.
The findings arrive amid rising security budgets, yet organizations continue to grapple with translating data into actionable outcomes. The report frames this challenge as one of execution, underscoring blind spots where potential risks emerge outside traditional network boundaries. Joe Sander, CEO of Team Cymru, remarked on the implications of external visibility for operational decision-making, stating, “Security teams are being asked to anticipate faster, address an increasing number of adaptive threats. The data shows many are still operating without the real-time external visibility needed to stay ahead.”
AI-enabled threats emerged as the primary concern among respondents, with 22% ranking them highest among emerging threats. Ransomware followed closely at 20%, while vulnerabilities in cloud services were identified by 17% of participants. The survey also revealed a trend towards prioritizing AI capabilities in threat intelligence decisions, with 52% of respondents citing the ability to leverage AI as a top evaluation criterion for threat intelligence investments. Furthermore, 61% deemed AI-enhanced threat detection and response as the most critical security capability for effective security programs.
Budget allocation trends highlight a shift towards external threat intelligence, with 60% of respondents dedicating 20% to 40% of their threat intelligence budget to external monitoring. An additional 32% allocate over 40% to this area, signifying a growing commitment to understanding threats beyond organizational boundaries. The report also noted a resourcing shift towards technology-led approaches, with 44% indicating a focus on technology over personnel in balancing their security strategies.
When assessing the effectiveness of external threat intelligence, respondents primarily measured outcomes based on early detection and rapid response, with 27% focusing on the ability to spot threats before they impact the organization. Half of the surveyed professionals reported the number of incidents prevented or detected as a key metric for communicating with boards and executive leadership. This reflects the mounting pressure on security leaders to demonstrate tangible operational results amid increasingly complex cyber threats.
Obstacles to funding initiatives for threat intelligence were also a concern, with 26% of respondents citing compliance requirements as a barrier, while competing priorities within security programs and limited executive understanding of external threats were noted by 23% and 22%, respectively. Regarding future priorities, the report indicated that 45% of participants plan to enhance the efficiency of their existing security teams over the next 12 to 24 months. Furthermore, aligning with regulatory compliance and consolidating threat intelligence suppliers were also highlighted as key areas of focus.
The survey results emphasize the ongoing significance of external monitoring, data integration, and the utilization of AI in detection and response strategies, as security leaders reassess their budgets and supplier choices in an evolving threat landscape.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
