Survey finds 50% experienced a major breach in the past year, with 72% saying threat hunting directly helped prevent or mitigate impact
Team Cymru, the trusted intelligence partner to the world’s most targeted organizations, today released its Voice of Cybersecurity Strategist Report, exposing a critical disconnect between security ambition and real-world execution. Despite increased investment, many organizations still operate with limited visibility of critical external attack surfaces and active threat infrastructure, leaving blind spots where risk actually materializes. The results reveal meaningful gaps between perceived readiness and operational capability, particularly around external visibility, threat intelligence, and AI-driven security priorities.
Key findings include:
- 50% of security practitioners say they experienced a major security breach in the past year
- 72% of those breached say their threat hunting program played a key role in preventing or mitigating the breach
- Only 38% report comprehensive, real-time visibility into threats beyond the network perimeter (45% report “good” visibility)
- AI-enabled threats are the top emerging concern (22%), ahead of ransomware (20%) and cloud service vulnerabilities (17%)
- 45% cite insufficient real-time threat intelligence as their biggest external threat intelligence gap
- 60% allocate 20% to 40% of their threat intelligence budget to external threat intelligence and monitoring, and 32% allocate more than 40%
- The ability to leverage AI is the top evaluation criterion for threat intelligence investments (52%)
- AI-enhanced threat detection and response is ranked the most critical security capability (61%)
“Security teams are being asked to anticipate faster and address an increasing number of adaptive threats. The data shows many are still operating without the real-time external visibility needed to stay ahead,” said Joe Sander, CEO, Team Cymru. “This report validates what we hear every day from cyber defenders of all types: threat hunting and external intelligence can change outcomes, but only if organizations can translate threat data into action quickly. The path forward is clear: prioritize real-time visibility beyond the perimeter, invest in AI that improves speed and precision, and measure success by identifying and neutralizing threats, mitigating impact to the business.”
The report underscores a growing “confidence versus capability” gap across modern security infrastructures protecting critical infrastructure, government agencies, and civilian-reliant business operations. While most respondents believe they have “good” visibility into threats beyond their perimeter, only 38% say that visibility is comprehensive and real-time. That shortfall matters more as attacks accelerate and adversaries expand beyond traditional boundaries.
At the same time, AI is reshaping both sides of the fight. AI-enabled threats ranked as the top emerging concern among respondents (22%), narrowly outpacing ransomware (20%). In response, organizations are prioritizing AI in their security strategy, with 52% naming the ability to leverage AI as their top criterion when evaluating threat intelligence investments, and 61% ranking AI-enhanced threat detection and response as the most critical capability for an effective security program. Yet the report also suggests many programs are still constrained by foundational data and integration issues, with 45% citing insufficient real-time threat intelligence as their biggest gap, and 42% pointing to challenges integrating external threat data with internal tools.
Investment and operating models are shifting toward external, technology-driven defense. 92% of respondents allocate at least 20% of their threat intelligence budget to external threat intelligence and monitoring, including 32% who allocate more than 40%. When it comes to resourcing, 44% report a mostly technology-focused approach to balancing tools and people, signaling a push toward automation, orchestration, and integrated workflows to increase team efficiency.
Measuring value is increasingly tied to proactive outcomes. The primary metric respondents use to assess external threat intelligence effectiveness is spotting threats before they affect the organization (27%), followed closely by faster threat detection (26%). When communicating to boards and executive leadership, respondents most often cite the number of incidents prevented or detected (50%) and mean time to detect and respond (50%), reflecting a focus on tangible outcomes and operational speed.
The report also highlights why progress can stall. The biggest challenge to funding threat intelligence initiatives is a focus on compliance requirements over threat-driven investments (26%), followed by competing priorities within the security program (23%) and limited executive understanding of external threats (22%). Looking ahead, the top planned strategic shift over the next 12 to 24 months is increasing the efficiency of the existing security team (45%), alongside aligning with increasing regulatory compliance (40%) and consolidating threat intelligence suppliers (39%).
Methodology
Team Cymru surveyed 121 information security, cybersecurity, and risk management leaders responsible for setting cybersecurity strategy, approving security technology investments, and managing security budgets and resources. The survey was conducted online via Pollfish using organic sampling beginning April 17, 2025, capturing perspectives across multiple industries.
To download the full Voice of the Cybersecurity Strategist report, visit here.
ABOUT TEAM CYMRU
Team Cymru is the trusted intelligence partner to the world’s most targeted organizations, transforming unmatched global visibility into actionable insights that protect nations, businesses, and communities. Powered by Pure Signal™, the largest source of context-rich telemetry beyond the network edge, Team Cymru empowers defenders by reducing noise, accelerating decision-making, and driving real-world outcomes. From threat hunting and CTI to third-party risk and national defense, our solutions provide instant clarity and unmatched visibility. Through our Community Services, we also deliver no-cost threat detection, DDoS mitigation, and intelligence to over 185 CSIRTs across 85+ countries. Learn more at https://team-cymru.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260129960113/en/
Contacts
Media Contact
Sydney Drayton
Apiary Digital for Team Cymru
Sydney@apiarydigital.com