行业研究公司研究宏观策略财报招股书会议纪要 Token 低空经济十五五 AIGC 大模型

2025威胁情报基准研究报告：从被动响应到主动预判

金融 2025-11-13 Forrester 生产-肖徐-审核报告小号

威胁情报基准：停止反应；开始预见

福雷斯特咨询公司于2025年1月对全球12个行业的1541名高级IT和网络安全领导者进行调查显示，组织因威胁和数据量激增以及技能短缺而面临风险。72%的受访者表示其组织主要处于被动反应状态，难以确定威胁优先级和快速响应。关键发现包括：

日益增长的威胁、数据量以及技能短缺使组织面临风险

60%的受访者缺乏熟练的分析员
61%的受访者面临过多的威胁情报源
47%的受访者担心因警报和数据量而错失真实威胁
82%的受访者认为其组织可能因警报和数据量而遗漏真实威胁

组织在将威胁情报投入实际运用中面临挑战

59%的受访者难以采取行动
66%的受访者难以与相关团队分享情报
60%的受访者表示其团队处理了过多的威胁情报源
49%的受访者难以核实情报的有效性或相关性

超越信息过载：可操作见解的重要性

组织需要完整、准确、相关且及时的可操作威胁情报
82%的受访者表示外部合作伙伴提供威胁局势的全面视角很重要
80%的受访者表示利用丰富多样的独特信息来源很重要

人工智能与外部威胁情报专家在实施威胁情报中的作用

86%的受访者表示其组织必须使用人工智能来提高将威胁情报转化为行动的能力
70%的受访者期望人工智能能让他们有更多时间专注于更高优先级的任务
59%的受访者期望人工智能能改善决策
79%的受访者表示供应商提供提升初级员工技能或在其团队中嵌入威胁情报分析师的服务是很重要的

关键建议

将威胁情报视为一种能力，而非信息源
定义智能需求和应用场景
拥抱人工智能，将其视为提高生产力的推动者
优先投资于分析师和可衡量的成果
实现跨职能的情报运营

Harness AI And Expert Insights To Transform Threat IntelligenceFrom Overwhelming To Actionable Table Of Contents 3Executive Summary4Key Findings5Growing Threat And Data Volumes As Well As SkillsShortages Leave Organizations Vulnerable10Organizations Struggle To Operationalize Threat Intelligence Mandy Polacek, Contributing Research:Forrester’sSecurity & Riskresearch group ABOUT FORRESTER CONSULTING Forrester provides independent and objectiveresearch-based consultingto help leaders deliverkey outcomes. Fueled by ourcustomer-obsessed research, Forrester’s seasoned consultantspartner with leaders to execute their specific priorities using a unique engagement model that Executive Summary As cyberattacks grow in frequency and sophistication, organizationsstruggle to keep up due to challenges like increasing, siloed threatintelligence feeds. Rather than aiding efficiency, myriad feeds inundatesecurity teams with data, making it hard to extract useful insights or In January 2025, Google Cloud commissioned Forrester Consulting toevaluate the state of cyberthreat intelligence (CTI) practices and strategies.Forrester conducted a double-blind online survey with 1,541 director+ ITand cybersecurity leaders at global enterprises across 12 industries toexplore this topic. The survey found that organizations are increasinglyvulnerable due to the vast amount of threats and data and a shortage ofskilled threat analysts. Despite the use of AI, human expertise remainsessential to help security teams interpret and apply threat intelligence with key Findings Data overload and skills gaps leave analysts drowning in informationand organizations at risk.A shortage of skilled threat analysts plus anoverwhelming volume of threat data leave organizations vulnerable. While Organizations struggle to operationalize threat intelligence.Respondentssaid their organizations rely on many threat intelligence sources, but mostfind it challenging to fully use this information to improve their securityposture. Many also found it hard to turn raw data from feeds into a decision Organizations are stuck in a reactive state.Due to the shortage ofanalysts and data overload, 72% of respondents said they can only reactto cyberthreats; they struggle to prioritize threats and respond quickly Becoming proactive will require actionable insights, superchargedby AI and embedded skilled analysts (as needed).To overcome thesekey challenges, organizations need actionable threat intelligence that iscomplete, accurate, relevant, and timely. They must lay the right foundation Growing Threat And Data Volumes As Well As Skills Shortages LeaveOrganizations Vulnerable Organizations today face a shortage of personnel who can effectivelyinterpret and act on threat intelligence. While AI is helping upleveldefenders, organizations struggle to use it consistently. At the same •Too few analysts are working with too many data feeds.Sixty percentof respondents reported that the lack of skilled threat analysts preventsthem from improving their threat intelligence capabilities, and 61% said •Organizations are turning to AI to ease theburden.Eighty-six percent of respondentsagreed that their organization must use AI •By industry, manufacturing respondents were most concerned,with 89% worried that they’re missing real threats due to alert anddata volume.Most threat intelligence is built for IT environments, butmanufacturers have a lot of operational technology, such as PLCs andSCADA systems, so they need highly tailored intelligence. Dealing with •Executives must urgently prioritize a proactive approach to securityas attacks grow in size and complexity.Eighty percent of respondentssay their senior leadership team underestimates their organization’scyberthreats (see Figure 4). The speed of attacks and the complexityof the threat landscape continue to increase. Respondents were most By industry, technology/technology services felt the most strongly thattheir leadership underestimates their organization’s cyberthreats, with84% agreeing. This could be due to leaders prioritizing innovation and (Responses of agree/strongly agree) Organizations Struggle To Operationalize Threat Intelligence Organizations rely on many information sourcesto stay abreast of vulnerabilities and emergingthreats: Respondents cited information sharingand analysis centers (ISACs) and paid external •Organizations gather threat intelligencefrom a variety of sources but value curatedinsights from paid threat intelligenceproviders and ISACs the most.Respondents,and especially those in APAC, rely on manysources for cyber intelligence, including ISACs,paid and open-source threat intelligencesolutions, social and traditional media, and Base: 1,541 senior IT and cybersecurityleaders at enterprise organizations inNorth America, Europe, and Asia PacificNote: Respondents were first askedwhich cyber intelligence sources theyuse and then which of those sourcesare most valuable. Responses show thep

点击免费查看完整报告