Threat Intelligence
Curated, contextualised information about current and emerging cyber threats — including attack methods, malicious infrastructure, and threat-actor behaviour — used to anticipate and prevent incidents.
Also known as: CTI, cyber threat intelligence, security intelligence
Last reviewed: 10 June 2026
Threat intelligence transforms raw security data into actionable information. It includes indicators of compromise (suspicious IP addresses, domain names, file hashes), tactics, techniques, and procedures (TTPs) used by specific threat actors, and contextual analysis of who is attacking whom, for what purpose, and with what tools. Sources range from internal security telemetry to shared industry feeds, government advisories, and commercial intelligence providers.
For organisations, threat intelligence informs defensive prioritisation: if intelligence shows a particular industry is being actively targeted by a phishing campaign using a specific email theme, security teams can issue targeted warnings, update email filters, and run tabletop exercises. Consumer-protection agencies and financial regulators increasingly publish threat intelligence in accessible forms — scam alert bulletins, fraud trend reports — to help individuals recognise current campaigns.
Consumers benefit from threat intelligence indirectly through the updated fraud detection systems of their banks and the phishing warning lists built into browsers and email clients. More directly, following the scam-alert outputs of regulators (FTC Scam Alerts, Action Fraud in the UK, ACCC Scamwatch in Australia) provides awareness of current tactics being deployed against the general public.