Recorded Future recently hosted a pair of webinars to delve into findings from the 2025 State of Threat Intelligence Report, drawing insights from cybersecurity executives and practitioners. The report reveals a notable increase in threat intelligence spending, with 76% of organizations allocating over $250,000 annually and 91% anticipating further increases in 2026. Most significantly, 87% of respondents expect to enhance the maturity of their threat intelligence programs within the next two years.
High-performing teams leverage threat intelligence not only for detection purposes but also to guide strategic business decisions and effectively communicate risks to leadership. Jack Watson, Senior Threat Intelligence Analyst at Global Payments, emphasized the need for a comprehensive approach, noting that “one alert opened and one alert closed does not necessarily equate to one single adversary being stopped.” This perspective has led teams to adopt a holistic view when addressing security challenges.
Omkar Nimbalkar, Senior Manager of Cyber Threat Research and Intelligence at Adobe, added that ongoing work in threat intelligence reveals patterns in their environments, helping teams understand their risk posture and informing business decisions based on changing threats. Ryan Boyero, Senior Customer Success Manager at Recorded Future, pointed out that context and storytelling derived from threat intelligence are crucial for leadership engagement. “Without threat intelligence,” he remarked, “you can’t really tell the story or paint the picture to deliver to senior leadership in order to help make the best and informed decisions possible.”
Nimbalkar highlighted the delivery of tailored threat intelligence to various business units and product teams at Adobe, allowing them to monitor specific behavioral activities and counteract particular threats. Boyero noted that Recorded Future’s clients in EMEA are utilizing threat intelligence to educate leadership, fostering an environment where executives are informed, rather than alarmed, about potential threats. This proactive approach is essential for success in cybersecurity.
Erich Harbowy, Security Intelligence Engineer at Superhuman, stated that threat intelligence not only aids in informing leadership about risk but also demonstrates the value of their work. “How do I prove my worth?” he queried, underscoring the need for actionable insights that can quantify past incidents and inform future strategies.
The Anatomy of a Mature Threat Intelligence Program
According to Nimbalkar, maturity in threat intelligence programs is achieved when foundational tactical and operational tasks are completed. This advancement hinges on efficiency and optimization, ensuring high-fidelity indicators to reduce noise and enhance detection quality. Understanding adversarial tactics and collaborating with cross-functional teams are vital steps in this maturation process. “Once you have figured out all these workflows, automated as much as you can, optimized and made it efficient, and then you focus more on risk reduction across the environment and more on strategic initiatives, that’s a very good maturation,” he explained.
Watson described maturity as the ability to ingest and act upon intelligence effectively. He noted that while data ingestion has become easier, the challenge lies in filtering through the vast amounts of information. Mature organizations are increasingly developing automated workflows and customizing capabilities to enhance their intelligence operations, often employing AI in innovative ways.
Nick Rainho, Senior Intelligence Consultant at Recorded Future, emphasized the importance of solid intelligence requirements as a pathway to advancing maturity. He recommended focusing on essential intelligence aligned with senior leadership’s priorities, particularly when resources are limited. Boyero echoed this sentiment, advocating for a collaborative approach to define success in threat intelligence initiatives.
Information overload remains a pressing issue for Cyber Threat Intelligence (CTI) teams. As Watson pointed out, while having more data is generally better, it must be manageable to be useful. Nimbalkar remarked on the necessity for vendors to provide better integrations to enhance data actionability, while Rainho called for improved out-of-the-box integrations between intelligence tools to better serve security teams’ needs.
Looking to the future, panelists expressed optimism that AI will empower CTI teams to combat AI-driven threats more effectively. They foresee third-party risk management becoming increasingly crucial for proactive defense strategies, while digital threats are expected to continue outpacing physical ones. Although junior analysts may not be replaced by AI, their roles are anticipated to evolve significantly as they leverage AI to streamline their workflows. The insights from these discussions underscore the growing significance of threat intelligence in shaping organizational security strategies amid a rapidly changing threat landscape.
See also
AI-Driven Cybersecurity Startups Capture 50.5% of Global VC Deals in 2025
Kaspersky Reveals 2026 AI Cybersecurity Predictions Amid Rising Deepfake Threats
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
