A lack of continuous validation is preventing organisations from turning cyber visibility into meaningful risk reduction, according to new research from Filigran.
The company’s State of Threat Management Report, based on a survey of 550 security decision-makers and practitioners worldwide, found that although organisations are investing heavily in threat intelligence and security tools, many continue to struggle to prioritise the risks that matter most.
According to the research, security teams spend an average of 42% of their time investigating risks that later prove to be low priority or non-exploitable, while 84% of respondents said cyberattacks frequently exploit risks that were already known but had not been prioritised. The report noted that this reflects a growing “exposure gap” between identifying threats and taking action to reduce risk.
Despite organisations using an average of 14 threat intelligence feeds, 61% said they are unable to determine which vulnerabilities are most likely to be exploited in real-world attacks. Only 38% currently use threat intelligence within a continuous, fully automated validation process.
“Visibility isn’t the problem. It’s that teams struggle to translate that visibility into action fast enough,” said Julien Richard, co-founder of Filigran. “Organisations are drowning in threat data from dozens of feeds and tools. Without continuous validation and intelligent prioritisation, that data creates noise rather than clarity.”
The report suggests fragmented tooling continues to hamper security operations. Only 41% of organisations reported having a fully consolidated view of cyber risk exposure across their environment, while almost nine in ten respondents agreed that threat intelligence alone does not reduce risk unless it is continuously validated against actual exposure.
Regional differences were also evident. North America reported the highest levels of operational maturity, with 52% of organisations having a consolidated view of cyber risk exposure and 51% using continuous automated validation. By comparison, organisations across EMEA reported figures of 37% and 35% respectively, while APAC recorded the lowest levels of maturity.
The UK appears to be falling behind on operational maturity. Only 24% of UK organisations reported having a fully consolidated view of cyber risk exposure, compared with 41% globally, while just 14% have integrated threat intelligence into a continuous, automated validation process, one of the lowest rates recorded in the research. Although UK organisations have visibility into many of the threats they face, the findings suggest they are significantly less equipped than their international counterparts to continuously validate and prioritise the risks most likely to be exploited.
Germany emerged as an outlier, leading all surveyed countries in automated validation adoption at 58%. German security teams also reported spending significantly less time investigating non-exploitable risks than the global average.
The research found many organisations continue to rely heavily on manual processes. While 88% agreed that periodic assessments cannot keep pace with rapidly changing environments, almost half still depend mostly or entirely on manual approaches to vulnerability identification and threat analysis.
Respondents identified concerns about disrupting production systems (49%), excessive manual effort (46%) and poor integration between existing security tools (42%) as the biggest barriers preventing wider adoption of continuous validation.
AI is expected to play an increasingly important role in addressing these challenges. Currently, respondents estimate that 37% of exposure management processes are AI-driven, rising to an expected 59% within the next two years. The areas where organisations believe AI can deliver the greatest value include detecting vulnerabilities and misconfigurations (59%), understanding which threats are relevant to their specific environment (56%) and validating whether exposures are realistically exploitable (54%).
Neena Sharma, Head of Customer and Product Marketing at Filigran, said the findings demonstrate that organisations have invested heavily in detection capabilities but are still struggling to operationalise threat intelligence. “The industry invested heavily in detection and intelligence, but without continuous validation and prioritisation, organisations remain reactive,” she said. “These findings reinforce why we are building the XTM platform, to give security teams the operational bridge from awareness to action.”
Looking ahead, organisations appear ready to increase investment in exposure management. Around three-quarters of respondents plan to invest in cyber risk quantification tools and exposure assessment capabilities over the next two years, while 94% agreed that maintaining a proactive cybersecurity posture will depend on integrating threat intelligence with exposure management.
