No less than 82 percent of security professionals say their teams may be missing critical threats due to an overload of alerts and data. This is according to new research by Forrester, commissioned by Google Cloud.
Organizations are facing a paradox: they have more and more threat information at their disposal, but too few analysts to work with it effectively. Forrester’s new survey makes it clear that virtually every security and IT manager is concerned that critical threats are being missed due to the abundance of alerts and data. Eighty-two percent of respondents say that the volume of alerts is so high that it is impossible to filter and prioritize everything properly. As a result, many teams remain stuck in reactive mode, rather than connecting data and using predictive analytics to avert danger.
The survey results reveal some striking bottlenecks. Sixty-six percent struggle with sharing threat intelligence with other teams, and in 80 percent of cases, management underestimates the threat landscape. The data also shows that 61 percent find it too complicated to navigate the overwhelming number of threat intelligence data feeds, and 60 percent experience a shortage of qualified analysts. For 59 percent, it is difficult to translate threat data into concrete actions, while 59 percent also find threat validation challenging.
Seventy-seven percent of respondents indicate that it is difficult to assess the relevance of threats to their own organization, which leads to delays and noise in decision-making.
Blind spots in security teams
These bottlenecks cause security teams to experience significant shortcomings in their approach. No less than 86 percent experience blind spots in their overview of the threat landscape, while 85 percent say that too little time and attention is paid to emerging threats. Seventy-two percent say they mainly operate reactively rather than proactively responding to threat trends.
According to the researchers, the crucial step is to seamlessly integrate threat intelligence into security workflows and tooling. By embedding data directly into existing security processes and tools, access to and analysis of threat information can be accelerated and made more efficient. AI plays an indispensable role in this: by summarizing large amounts of raw data, prioritizing it, and taking over trivial tasks, it frees up human analysts to focus on critical decisions and incident response.
More than 86 percent of respondents agree with this approach and consider AI essential to making threat intelligence operational. More than two-thirds recognize that automatic summaries of threat information deliver the greatest efficiency gains. AI is used to prioritize threats, make them understandable, and communicate them effectively within organizations.