Advances in logistics and technology have reshaped home delivery, allowing customers to track their orders in real time—from the moment it’s prepared to the moment it arrives at their door.
But this kind of integration shouldn’t be limited to customer-facing operations. According to Deliveroo’s head of threat intelligence, it’s time for businesses to apply the same thinking to how they manage and deliver threat intelligence across all functions.
Boobeshwaran Sengodagoundar Kandasamy says that most enterprises still see threat intelligence as a narrow tool primarily utilised by cybersecurity teams.
Instead, they should focus on integrating threat intelligence across business functions to mitigate not only cyber risks, but also broader operational and strategic threats.
Speaking at Tech Show London, he outlines “integrated intelligence – a more expansive approach that links cyber insights with functions such as operations, finance, marketing, supply chain and human resources.
“Most typical enterprise threat intelligence programmes just stick with security,” he says. “They miss out on the broader business risks.”
Kandasamy, a cyber researcher with nearly a decade of industry experience, including at financial services firms and media groups, argues that while security teams have become adept at gathering and analysing data about cyber threats, they often fail to communicate the business implications of those threats in terms that resonate with non-technical leaders. That, he says, leaves organisations exposed.
“If you say, ‘this is a vulnerability, you have to patch it’, the business is not going to understand,” he says. “They are going to understand in business terms: what is the impact, what is the loss?”
Delivering a slice of intelligence
The problem is not just one of translation. Kandasamy identifies four common structural challenges that prevent organisations from using threat intelligence: limited scope, data silos, poor cross-functional collaboration and lack of business context.
Cybersecurity analysts often have what he describes as “tunnel vision”, focusing only on IT risks, without understanding how those risks intersect with financial performance, customer experience or supply chain continuity.
He highlights the issue of data silos, where information is segmented between departments, making it difficult for threat analysts to understand the full implications of an incident.
“If I know the impact on the financial data or how it would impact operations, I can pan my view and get a holistic picture,” he says. “That’s what the business wants, not just the security risk.”
Kandasamy stresses the importance of building relationships with teams outside of security to ensure timely action when a risk is identified. Without those ties, he warns, “it’s very, very hard to reach out to them and then tell them, ‘this is the problem’, and make them understand. By then, everything could have happened.”
He points to his own early experience of being asked to explain a cyber incident to senior leadership, only to struggle because he lacked the business language and context to frame the issue effectively. That led to delays in decision-making and missed opportunities to mitigate impact.
To illustrate the power of a broader intelligence model, he offers a hypothetical case in which a company is blindsided by a labour strike. Without advance warning, operations halt, revenue drops, supply chains are disrupted, brand reputation suffers, and regulatory scrutiny may follow.
There are also hidden cyber risks, including insider threats and phishing attempts that often accompany such periods of instability.
But if the threat intelligence team had detected early signs of discontent – on underground forums, perhaps, or through geopolitical risk monitoring – and shared that information beyond the IT department, the business could have acted early, negotiating with workers or activating contingency plans.
“A small piece of intelligence could reduce a huge risk,” he says.
He also proposes several concrete ways that threat intelligence could support other business functions:
– For marketing, cyber analysts could detect brand impersonation or viral misinformation before it escalates into full-blown reputational crises.
– For procurement, they could help select suppliers based on their cyber hygiene, not just cost or performance.
– For HR, they could assess the risk of hiring employees from high-risk regions or approving remote work requests from countries with poor data protection records.
Kandasamy argues that board members and senior leaders, too, stand to benefit. When assessing new markets, launching new products, or considering acquisitions, geopolitical and cyber intelligence could offer insights into local regulatory risks or the potential for trade disruption.
Ultimately, he says, the aim is to help businesses move away from reactive models of security, where teams simply detect and respond to threats, and towards a more proactive, strategic approach. “It’s not just about preventing data theft anymore,” he says. “Threats are becoming destructive. They can stop operations altogether.”
