Skip to Content

Intelligence Collection for Risk Practitioners: Moving Beyond Open Source

Most organisational risk intelligence functions are consuming the same publicly available information as their competitors and calling it intelligence. It is not.
20 June 2026 by

Intelligence in the risk practitioner context is a term that is used loosely and understood inconsistently. It is applied to everything from Google News alerts to comprehensive all-source analytical assessments. The gap between these extremes is enormous, and practitioners who are not clear about where they are operating in this spectrum — and what the limitations of their approach actually are — are making decisions based on information they have miscategorised.

The Intelligence Cycle in a Risk Context

The intelligence cycle — direction, collection, processing, analysis, dissemination — provides a useful framework for thinking about intelligence in risk management, even for practitioners who are not operating in a government intelligence context. The cycle makes explicit that intelligence is a process, not a product. A news article is not intelligence. A threat report published by a vendor is not intelligence. These are potential inputs to an intelligence process. Whether they become intelligence depends on whether they have been subjected to collection discipline, source assessment, analytical method, and dissemination process.

Most corporate intelligence functions skip the cycle and go directly to collection and reporting. They aggregate information from open sources, package it in a format that looks like intelligence, and deliver it to decision-makers as if it has been through an analytical process. This is not intelligence. It is curated information — which has value, but has different value, carries different limitations, and supports different decisions than processed intelligence does.

Open Source Intelligence: Capabilities and Limits

Open source intelligence — OSINT — has expanded dramatically in capability over the past decade. The volume of publicly available information about threat actors, security incidents, geopolitical developments, and risk environments is greater than it has ever been. Commercial platforms aggregate and structure this information in ways that significantly reduce the collection burden for practitioners without large intelligence teams.

OSINT is excellent for establishing baseline situational awareness, monitoring for known threat indicators, tracking public reporting on incidents, and supporting preliminary risk assessment. It is limited in significant ways. Open source information is, by definition, what threat actors know is being observed. Sophisticated adversaries deliberately shape the open source environment. Gaps in open source reporting frequently indicate significant events that are not publicly disclosed — which is itself an intelligence signal.

The most important limitation of OSINT for risk practitioners is that it cannot tell you what is not being reported. An absence of open source reporting about a risk does not mean the risk is not present. It may mean that the risk is present but not yet visible in the open source environment — which for operational security purposes may be the most dangerous condition of all.

Human Intelligence in a Corporate Context

Human intelligence — HUMINT — is often assumed to be the exclusive province of government intelligence agencies. This is not accurate. Corporate intelligence functions that maintain professional networks — including relationships with government stakeholders, industry associations, sector-specific information sharing groups, and in-country networks in operating environments — are conducting a form of human intelligence collection. The methods are different, the legal constraints are different, and the access is different, but the principle — that human sources provide information and insights not available from any other collection method — is the same.

For risk practitioners operating in complex environments, the development and maintenance of human networks is one of the highest-value intelligence investments they can make. A well-placed contact who can provide direct reporting on a developing situation — its current status, the reliability of published accounts, and the local context that public reporting does not capture — is more valuable than any aggregation platform.

Analytical Method

Collection without analysis is noise. Analysis is the process of drawing reasoned conclusions from available information — conclusions that are explicitly linked to the evidence, that acknowledge uncertainty, and that are structured to support decision-making. Good analytical method distinguishes between what the evidence shows, what can be inferred from the evidence, and what remains unknown. It assigns confidence levels to conclusions based on the quality and volume of the underlying collection. It identifies the key assumptions the analysis depends on and flags what would change the assessment if those assumptions proved wrong.

Most corporate risk reporting does not apply analytical method in this sense. It applies synthesis — combining information from multiple sources into a summary assessment. Synthesis is useful. It is not the same as analysis. The gap matters most when the decision at stake is significant and the information environment is ambiguous — which is precisely the condition under which you need analytical rigour most.

The Practitioner's Practical Approach

For practitioners without large intelligence teams, the practical approach is to be explicit about what level of intelligence process you are applying and what the limitations of that level are. If you are doing OSINT-based situational awareness, be clear that this is what it is — and what it cannot tell you. If you are applying analytical judgement to incomplete information, be explicit about the assumptions and uncertainties your assessment rests on. If the decision requires greater confidence than your current collection and analysis process can provide, say so and recommend investment in additional collection before the decision is made.

Intelligence is not a binary — you either have it or you do not. It is a spectrum of quality, coverage, and confidence. Practitioners who are clear about where they are on that spectrum, and honest with decision-makers about what that means for the confidence they should place in their assessments, are doing intelligence work that genuinely supports better decisions.

Tony Ridley provides advisory on intelligence frameworks, threat assessment, and practitioner capability development. Contact us to discuss your requirements.

The Expert Witness Standard: What Organisations Discover When Risk Management Is Examined
When incidents become disputes, risk management programmes face a standard of scrutiny most were never designed to withstand.