Google Cloud/Forrester Report: Top Challenges to Effective Threat Intelligence – Source: www.techrepublic.com

One of the top challenges for threat intelligence workers is having too many data feeds, according to the July 2025 Threat Intelligence Benchmark report from Forrester Consulting and Google Cloud.

Forrester Consulting surveyed more than 1,500 IT and cybersecurity leaders across 12 industries from countries, including UK, Australia, and Japan.

The greatest challenges to improving threat intelligence

According to the report, the most challenging data and analytics hurdles for improving threat intelligence capabilities were:

• Too many threat intelligence data feeds (61%).
• Lack of skilled threat analysts (60%).
• Difficulty making the data actionable (59%).
• Difficulty verifying the validity and/or relevance of threats (59%).
• Difficulty determining which intelligence applies (49%).

In total, 82% of respondents reported being concerned or very concerned about missing threats due to the overwhelming number of alerts and data.

Sixty-one percent of respondents cited the abundance of feeds as a challenge, while 60% pointed to a shortage of skilled analysts.

This volume of data also hinders collaboration. According to the report, 66% of respondents said they had difficulty sharing threat intelligence with the appropriate teams.

AI helps summarize information for threat intelligence workers

AI tools are increasingly being used to manage the volume of information facing security teams. According to the report, 69% of respondents said that generating summaries was the most beneficial application of generative AI for threat intelligence. Other cited benefits included:

• Improving the capability to prioritize threats and vulnerabilities (68%).
• Making threat intelligence more accessible to stakeholders (68%).
• Providing actionable recommendations to support junior analysts (63%).
• Freeing up time for high-priority tasks (60%).
• Improving decision-making (50%).

“Interestingly we didn’t see a clear leading use of AI but rather a grouping of benefits across summarization, prioritization, and communication,” said Jayce Nichols, director of Google Threat Intelligence Group at Google Cloud, in an email to TechRepublic. “Clearly organizations are still figuring out the best ways for their teams to use AI.”

However, AI can also introduce errors. Google Cloud recommends incorporating AI into workflows in a secure and monitorable way.

“Advancements in the quality of AI response improve every day, but humans should still do their due diligence and double check the key parts of the outputs before taking action,” said Nichols. “This mirrors the response we saw in the study where 81% of respondents say they trust the use of AI in threat intelligence from notable vendors only.” 

Prioritize high-stakes assets and know your adversaries

Based on the report’s findings, Google Cloud advises organizations to identify the high-stakes needs of their business first to determine where to allocate threat intelligence resources more effectively. Understanding which adversaries are most likely to target a given organization or sector is another key strategy.

Google Cloud also recommends improving communication among threat intelligence, incident response (IR) teams, and the security operations center (SOC) to enhance the usefulness of shared threat intelligence.

SOC and IR analysts should prioritize tasks that enable them to work more efficiently, such as proactive threat hunting, contextualizing alerts, developing custom detections, and supporting incident response efforts.

Meanwhile, threat intelligence teams are encouraged to track performance using critical metrics like mean time to respond, alert fidelity, blocked threats, and the number of threats identified through intelligence-led hunting.

How exposed is your SharePoint instance? This breakdown of CVE exploits and hacker tactics is your first step toward locking it down.