The vast majority of chief information security officers rely on outdated, report-based threat intelligence, according to a new threat intelligence survey from threat intelligence firm Cybersixgill Ltd.

Based on a survey more than 150 CISOs at firms with at least 10,000 employees or more than $1 billion in revenue, at least 90% of CISOs rely on outdated threat intelligence that is often too old to enable them to make informed decisions. Some 77% of CISOs said metrics related to the efficiency of incident response and response bottlenecks are key performance indicators.

The survey shows that executives are acutely aware of their blindspots, because the tools that offer better visibility also impact the metrics on which boards and chief executive officers judge them.

Other key findings in the survey included 59% of CISOs agreeing that they believe that quantifying risk and balancing risks against costs is a chief concern among boards of directors. Internal factors, such as the ability to comply with regulations and professional knowledge gaps, rank among the most common problems for CISOs, at 60% and 41% respectively, while 39% of respondents said hackers were a chief concern.

The survey wasn’t all doom and gloom: A full 97% of CISOs said they expected their cybersecurity teams would grow in 2021, indicating that cybersecurity awareness is growing and budgets increasing. Some 37% of CISOs said their biggest knowledge gaps were around threat intelligence processing, 21% said vulnerability management and 11% cited COVID-19-related gaps.

“Threat intelligence is quickly becoming the epicenter of key cybersecurity programs including vulnerability management, yet one in three CISOs identifies threat intelligence and one out of five identifies vulnerability management as their biggest blindspots,” Meira Primes, chief marketing officer of Cybersixgill, said in a statement. “Boards should encourage CISOs and their teams to explore new approaches, such as agile threat intelligence, to tackle these challenges more effectively.What we found is that there is a consistent need for enterprises to adopt automated, iterative, and continuous intelligence-driven processes in order to evolve and meet today’s security challenges.”

Image: Cybersixgill