Threat Intelligence, Incident Response

Organizations track response, not prevention, survey finds

Holographic digital shield with warning sign hovers over glowing circuit board. Cybersecurity threat detection system uses futuristic tech for network protection. Data safety alert.

Despite increased investment in threat intelligence, organizations remain unable to translate signals into prevention, according to a new Malanta survey of 100 security professionals, Forbes reports.

Most enterprises now operate five to eight feeds, with some managing as many as 53, yet 71% report significant overlap and 100% of respondents identified the same breakdown: connecting signals to real threats. The survey reveals that 84% of organizations rely on manual or reactive approaches, with only 31% having fully automated ingestion and blocking. Analysts spend one to two hours weekly on indicator validation, with 17% spending several hours daily.

Critically, 91% track Mean Time to Respond and 89% track Mean Time to Detect, both response metrics, while only 12% measure prevention-oriented indicators, and zero percent measure pre-attack disruption. One VP of cloud engineering noted, "We would love to have a prevention KPI... that talks about what was prevented, not just how fast we cleaned up."

Half of respondents cited detection gaps as the primary obstacle, lacking visibility until damage occurs. What organizations want, actionable context, earlier visibility, reduced noise, automated prioritization, prevention metrics, remains elusive as manual processes and duplicate feeds persist.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds