Blog Trainings Request a Demo Login
Free Trial
Dark Web Report
SOCRadar® Cyber Intelligence Inc. | SANS 2025 Cyber Threat Intelligence (CTI) Survey: Navigating Uncertainty in Today’s Threat Landscape
Free Dark Web Report
Is your Domain Exposed? Find Out.
Table Of Content
Moon
Home

Resources

Blog
May 22, 2025
3 Mins Read
May 23, 2025

SANS 2025 Cyber Threat Intelligence (CTI) Survey: Navigating Uncertainty in Today’s Threat Landscape

Did you know that 86% of organizations use the MITRE ATT&CK framework to structure their threat intelligence efforts or that 90% rely primarily on external intelligence sources to stay ahead of cyber threats?

These numbers are not only impressive; they signal a paradigm shift in how Cyber Threat Intelligence (CTI) is prioritized and practiced in 2025.

Navigating a Complex Digital Landscape

According to the latest 2025 SANS CTI Survey, sponsored by SOCRadar, organizations globally are reshaping their CTI capabilities to stay ahead of evolving cyber threats. A notable 70.2% of cybersecurity professionals highlight the need for adaptation as digital complexities surge, reflecting the growing pressures from both adversaries and internal digital sprawl.

Evolution of CTI Processes - (Hyperlink to Whitepaper)

Evolution of CTI Processes

AI is Not Optional, It’s Essential

Another standout from the survey is that over one-third of organizations now leverage Artificial Intelligence (AI) within their CTI workflows. This isn’t just experimentation; it’s becoming a critical part of threat detection and response strategies, from automated data collection to triage and enrichment.

External Inputs Lead the Way

Structured approaches like MITRE ATT&CK™ are no longer optional. With 86% of respondents actively using the framework, it’s clear that the community is aligning around standardized methods to better understand and counter adversary behavior.

Use cases for MITRE ATT&CK - (Hyperlink to Whitepaper)

Use cases for MITRE ATT&CK

External intelligence sources dominate CTI programs:

  • 90% rely on data from vendor feeds, threat-sharing groups, and the open web
  • Only 64% utilize internal sources, pointing to a potential area of growth and untapped value

Despite these advancements, CTI teams consistently face hurdles, including:

  • Limited resources
  • Constantly shifting threats
  • Regulatory pressures and compliance demands

Communication is a critical success factor, with 80% of organizations relying primarily on written reports to deliver intelligence. Reports have evolved from simple alerts to strategic tools that influence decisions at the executive level.

Yet, just 55% of CTI programs measure their effectiveness. Most rely on direct stakeholder feedback, so formal ROI tracking and maturity modeling still need improvement.

Methods for Gathering Feedback on CTI - (Hyperlink to Whitepaper)

Methods for Gathering Feedback on CTI

Curious about how leading organizations are overcoming these barriers and driving effective CTI? Explore the complete insights in the detailed 2025 SANS CTI Survey, brought to you in sponsorship of SOCRadar.

Related Articles
SOCRadar® Cyber Intelligence Inc. | The Alarming Rise of Cyber Threats in the NFT and Cryptocurrency Space
The Alarming Rise of Cyber Threats in the NFT and Cryptocurrency Space
May 29, 2025
SOCRadar® Cyber Intelligence Inc. | Germany Under Cyber Siege: Key Insights from Our Latest Threat Landscape Report
Germany Under Cyber Siege: Key Insights from Our Latest Threat Landscape Report
May 07, 2025
SOCRadar® Cyber Intelligence Inc. | Global Ransomware Chronicles: Key Trends for Professionals
Global Ransomware Chronicles: Key Trends for Professionals
Apr 25, 2025
SOCRadar® Cyber Intelligence Inc. | NATO's Digital Frontiers Threat Landscape Report
NATO's Digital Frontiers Threat Landscape Report
Mar 26, 2025
SOCRadar® Cyber Intelligence Inc. | Navigating the Evolving Cyber Threats in the Finance Industry
Navigating the Evolving Cyber Threats in the Finance Industry
Mar 03, 2025