"Threat intelligence alone does not reduce risk unless it is continuously validated against actual exposure," the Filigran report warns — a blunt assessment echoed by nearly nine in 10 respondents.
Visibility vs. Management: A stubborn gap
Organizations have amassed visibility: the report finds an average deployment of 14 distinct threat intelligence feeds. Yet that visibility is not translating into confident decision-making. Sixty-one percent of organizations say they cannot determine which vulnerabilities are most likely to be exploited in real‑world attacks, and security teams spend an average of 42% of their time investigating risks that later prove to be low priority or non‑exploitable.
Only 41% of respondents report full consolidation of cyber risk visibility, and just 38% use threat intelligence within a continuous, fully automated validation process. The disconnect between signal and action is reinforced by attitudes: 89% of respondents say reducing alert noise would help identify which alerts represent real business risk, and 84% agree that cyberattacks exploit known risks that are not prioritized.
Regional performance: North America leads, APAC lags, Germany bucks the trend
Operational maturity varies sharply by geography. North America reports the strongest operational posture: 52% of organizations there say they have a fully consolidated view of cyber risk exposure, and 51% use continuous, automated validation of threat intelligence. The U.S. specifically leads all surveyed countries in CTEM program adoption, with 58% reporting a fully established program — and U.S. respondents are among the most likely to cite escalating attack frequency as the primary driver for investment.
EMEA sits near the global midpoint: 37% report a fully consolidated view and 35% use continuous, automated validation. APAC reports the widest shortfall — just 31% have a consolidated view and only 27% use continuous, automated validation, roughly half the North American rate.
Germany is a notable outlier. At 58%, it leads all surveyed countries in automated validation adoption, and German security teams report wasting only 27% of their time on low‑priority or non‑exploitable risks — well below the global average of 42% — suggesting the operational dividend that follows closing the automation gap.
Barriers: integration, disruption risk, and manual effort
Respondents point to several practical hurdles that block validation and automation. Concern about disrupting systems tops the list at 49%, followed by excessive manual effort at 46% and poor integration with existing security processes at 42%. Those frictions help explain why, despite widespread agreement that periodic assessments cannot keep pace with change (88% agree), nearly half of organizations still rely completely or mostly on manual processes for vulnerability identification and threat analysis.
The consequence is both strategic and mundane: wasted analyst hours chasing non‑exploitable signals, alert fatigue that obscures business‑critical threats, and an environment where known but unprioritized risks remain exploitable in practice.
AI and automation: rapid growth, incomplete adoption
Automation — including AI — is widely seen as the necessary response. Eighty‑eight percent of security teams agree that without greater automation they cannot keep up with the volume of risks to assess; 95% say greater automation would improve their confidence that teams focus on the most important risks. Yet only 38% have implemented continuous, automated validation today.
AI is already powering parts of exposure management: 37% of exposure management processes are currently AI‑driven, and respondents expect that share to reach 59% within two years. Respondents identify the areas that would benefit most from AI and automation as detecting vulnerabilities, misconfigurations, and exposures (59%); understanding which threats are relevant to their specific environment (56%); and validating whether exposures are realistically exploitable (54%).
What this means for security teams, procurement leaders, and policymakers
- Security teams: The report quantifies the immediate operational pain — a 42% average time sink on low‑priority work — and shows a clear pathway to relief: continuous, automated validation correlates with far less wasted time (Germany's 27% vs. global 42%).
- Procurement and program leaders: The U.S. lead in CTEM adoption (58% fully established) and North America's stronger consolidation metrics indicate procurement decisions and program investments can accelerate operational maturity; yet nearly half of organizations still rely mainly on manual methods.
- Policymakers and regional planners: Regional disparities — especially APAC's lower consolidation and automation rates — highlight where capacity building or incentives could narrow the global gap in cyber risk management.
The Filigran findings are clear: visibility without validated, automated judgement yields noise, wasted hours, and exploitable gaps. Organizations have gathered feeds, but the hard work remains — integrating, validating, and automating the signals so that teams spend time on the threats that matter. As AI adoption in exposure management is projected to jump from 37% to 59% in two years, the immediate question is not whether automation will arrive, but whether it will be deployed to close the 61% blind spot about which vulnerabilities will be weaponized and to eliminate the nearly half of teams still chained to manual processes.
