• 49 percent consider budget and costs to be the biggest obstacle
• 33 percent overwhelmed by the multitude of threat intelligence (TI) tools
• 71 percent consider TI to be indispensable for their security strategy

Although 71 percent of companies in Germany consider threat intelligence (TI) to be an essential part of their security strategy, they face a variety of challenges when using it.

After costs and budget (49 percent), complexity is the main obstacle for IT decision-makers with regard to TI (39 percent), followed by a lack of internal resources (36 percent) and too many different tools being used (33 percent). These are the results of a recent Kaspersky survey of IT decision-makers in Germany [1; https://kas.pr/ti-data-feeds-whitepaper].

Threat Intelligence (TI) is fundamental to the IT security strategy of 71 percent of companies, and has already helped to prevent a cyber attack in 66 percent of cases. Nevertheless, 52 percent say they are not fully convinced of the defensive capabilities of TI.

Scope and management of TI cause headaches

Four out of ten companies (39 percent) find TI too complex and difficult to manage. A third (33 percent) specifically cite the use of too many different tools, which can lead to a confusing and difficult-to-control security structure.

At the same time, 29 percent say they lack sufficient resources to manage the scope of TI. It is therefore not surprising that many companies are seeking to simplify their security architecture: 79 percent would bundle their security solutions on a single platform if they had the necessary resources.

More than a third complain about a lack of resources

In addition, many companies say they lack the necessary resources and expertise for TI: 36 percent of respondents lack sufficient staff or capacity to manage TI, while 28 percent lack the expertise to implement and use it. At the same time, two-thirds (66 percent) emphasize that external expertise is necessary to fully leverage threat intelligence. Accordingly, three quarters (76 percent) would rely more on managed security services with existing resources in order to benefit from external expertise and proactive cyber protection.

Most respondents (49 percent) agree that the challenge of TI lies in the costs and budget, and this is also the most frequently cited reason (40 percent) why companies are not currently using TI. In addition, 30 percent feel that the coverage of TI is too limited, while 26 percent of respondents simply lack sufficient real-time monitoring capabilities to fully integrate TI into their security strategy.

“The issue of costs and budgets is on the minds of companies of all sizes in all sectors. However, if they skimp on cybersecurity, they are saving at the wrong end,” comments Waldemar Bergstreiser, General Manager DACH at Kaspersky. “For example, small and medium-sized companies had to deal with an average of 16 incidents in 2024, costing them around €290,000 to resolve, which is 1.5 times higher than their total IT security budget. In our survey, 66 percent of companies confirmed that they had already prevented a cyber attack using TI data feeds. The cost of implementing threat intelligence is also significantly less than the cost of a successful cyberattack. In the face of serious threats, up-to-date and comprehensive threat information is more important than ever to detect attacks early, analyze them and respond quickly – and TI is essential to this.”

Kaspersky recommendations for the effective use of threat intelligence

• An effective cybersecurity strategy begins with comprehensive threat information. The Kaspersky Threat Intelligence Portal [2] provides organizations with in-depth analysis of current cyber threats, attack patterns, and malware trends.
• Not every organization has its own team of cybersecurity experts. Solutions such as Kaspersky Managed Detection and Response [3] or Kaspersky Incident Response [4] enable companies to benefit from the experience of leading external cybersecurity analysts.
• In many companies, fragmented security solutions make it difficult to mount a unified threat defense. Kaspersky Next [5] offers a comprehensive, cloud-based platform that seamlessly links threat intelligence with existing security systems. This not only makes it possible to detect threats faster, but also to combat them automatically.
• Cyberattacks often begin with social engineering techniques such as phishing or spear phishing. It is therefore essential that employees play a central role in the security strategy. Kaspersky’s Automated Security Awareness Platform [6] provides practical training in micro-lessons that address real-world threat scenarios tailored to the specific position of the employee.

The white paper with the main findings of the online survey is available at: https://kas.pr/ti-data-feeds-whitepaper

Further information about Kaspersky Threat Intelligence is available at https://www.kaspersky.de/enterprise-security/threat-intelligence.

[1] In November 2020, Censuswide conducted an online survey for Kaspersky among 500 IT decision-makers in Germany and 251 in Switzerland on the topic of threat intelligence. https://kas.pr/ti-data-feeds-whitepaper

[2] https://go.kaspersky.com/threat-intelligence-de.html

[3] https://www.kaspersky.de/enterprise-security/managed-detection-and-response

[4] https://www.kaspersky.de/enterprise-security/incident-response

[5] https://www.kaspersky.de/next

[6] https://www.kaspersky.de/small-to-medium-business-security/security-awareness-platform

Useful links:

• Kaspersky Threat Intelligence: https://www.kaspersky.de/enterprise-security/threat-intelligence
• Kaspersky Threat Intelligence Portal: https://opentip.kaspersky.com/
• Kaspersky Managed Detection and Response: https://www.kaspersky.de/enterprise-security/managed-detection-and-response
• Kaspersky Incident Response: https://www.kaspersky.de/enterprise-security/incident-response
• Kaspersky Automated Security Awareness Platform: https://www.kaspersky.de/small-to-medium-business-security/security-awareness-platform