Security Organizations Reveal Threat Management Fails to Match Visibility
.webp?t=1782826087)
A recent report by Filigran analyzes the gap between threat visibility and threat management. Despite deploying an average of 14 different threat intelligence feeds, 61% of organizations say they cannot determine which vulnerabilities are most likely to be exploited in real-world attacks. Thirty-eight percent use threat intelligence within a continuous, fully automated validation process. Security teams spend an average of 42% of their time investigating risks that later prove low priority or non-exploitable.
Forty-one percent of organizations report full consolidation of cyber risk visibility, and the gap is especially pronounced outside North America, where organizations are roughly 20 points behind on both consolidated visibility and continuous automated validation. Nearly nine in 10 respondents agree that threat intelligence alone does not reduce risk unless it is continuously validated against actual exposure.
North American organizations report the strongest operational maturity globally, with 52% reporting a fully consolidated view of cyber risk exposure — compared with a global average of 41% — and 51% using threat intelligence within a continuous, automated validation process. The U.S. specifically leads all surveyed countries in CTEM program adoption, with 58% reporting a fully established program, though U.S. organizations are also among the most likely to cite escalating attack frequency as their primary driver for investment.
EMEA falls in the middle of the global curve, with 37% reporting a fully consolidated view of exposure and 35% using continuous, automated validation. APAC reports the widest gap: just 31% have a fully consolidated view, and only 27% use continuous, automated validation — roughly half the North American rate.
Germany is the clearest exception to the regional pattern. At 58%, it leads all surveyed countries in automated validation adoption, and the dividend shows: German security teams report wasting just 27% of their time on low-priority or non-exploitable risks, compared with the global average of 42% — evidence that closing the automation gap returns real time to security teams, not just risk reduction.
While 88% of respondents acknowledge that periodic assessments cannot keep pace with the speed of change in their environments, nearly half still rely completely or mostly on manual processes for vulnerability identification and threat analysis. The bottleneck has real consequences: 84% agree that cyberattacks exploit known risks that are not prioritized. The top barriers to validating whether threats are exploitable include concern about disrupting systems (49%), excessive manual effort (46%), and poor integration with existing security processes (42%). Alert noise compounds the problem — 89% say reducing it would help identify which alerts represent real business risk.
Eighty-eight percent of security teams agree that without greater automation, they cannot keep up with the volume of risks they must assess. But AI adoption in exposure management is accelerating: currently, 37% of exposure management processes are AI-driven, and respondents expect that figure to reach 59% within two years.
While 95% of organizations agree greater automation would improve their confidence that teams are focused on the most important risks, only 38% have implemented continuous, automated validation. The areas respondents say would benefit most from AI and automation are detecting vulnerabilities, misconfigurations, and exposures (59%); understanding which threats are relevant to their specific environment (56%); and validating whether exposures are realistically exploitable (54%).
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!
.webp?height=200&t=1686159685&width=200 "computer desk with mouse")
