Threats to organizations — across many dimensions, including cyber, physical and corporate brand — are on the rise and increasing in frequency, intensity and sophistication. At the same time, the need for actionable intelligence within organizations has never been greater. Those two factors, taken together, are driving the growth and rapid evolution of the threat intelligence market.
In this Executive Insights, we will frame the landscape and the ecosystem, discuss major trends, and identify risks and opportunities for both industry participants and investors.
Threat intelligence fundamentals
To understand the dynamics of the rapidly evolving threat intelligence marketplace, it is important to start with a definition.
In the most fundamental terms, threat intelligence involves the production, aggregation and enrichment of data to deliver threat insights and to mitigate and remediate these risks.
The responsibility for delivering threat insights, mitigation and remediation falls to a wide array of players that comprise the threat intelligence ecosystem. Within that ecosystem, vendors focus on basic data production; data aggregation and enrichment; and detailed analysis of threat insights, mitigation and remediation. At every level, this work is backed by varying degrees of technology and human analysis.
The ecosystem is dynamic. Marketplace participants are moving rapidly to take advantage of emerging opportunities, including in entirely new threat intelligence use cases and areas of focus.
Several trends are driving the growth and evolution of the threat intelligence space:
- Cyberattacks, social media attacks and physical threats are becoming more frequent and more severe. The frequency and intensity of attacks from both state and nonstate actors has been on the rise for years.
- Information security budgets are growing. Organizations understand the risks and are scaling up IT security programs accordingly.
- Cybersecurity skills are in short supply. A persistent shortage of talent is causing organizations to increase their reliance on outside partners and consultants.
- The COVID-19 pandemic has driven an increase in remote work. This trend shows every sign of persisting.
- There is a growing awareness that the response to threats and risks cannot be siloed in the cybersecurity team. Organizations are moving to unite, or at least connect, their security operations centers (SOCs), network operations centers (NOCs) and outside vendors. Both regulatory drivers and the rapid adoption of industry standards point toward an imminent future in which threat intelligence is the responsibility of a closely linked complex of entities and in-house functions tasked with protecting and supporting the full organization.
We anticipate that consolidation will be one of the key features of the landscape as the market matures and the value chain evolves.
The threat intelligence ecosystem today
We have spoken about the increasing frequency and severity of threats that, at the most extreme level, can put an organization’s finances, reputation or even viability at risk (see Figure 1).