It took me 4 years to build an intel capability at a major bank. Here is why you can’t just “buy” one.

There is a dangerous misconception currently circulating in the industry: the idea that every business needs a proprietary intelligence function.

It is not just vendors pushing this. Consultants and even governments – through regulation like Australia’s Scams Prevention Framework (SPF) Act – are increasingly expecting organisations to demonstrate “intelligence and disruption” capabilities.

These are advanced concepts.

The reality? Most organisations are not mature enough to handle them. Intelligence is not a product you plug in; it is a capability you build.

Here is why Fraud and Security Intelligence is a maturity indicator, not a startup hustle.

1. The Foundation Must Come First

You cannot build a roof if you haven’t poured the slab. For intelligence, that “slab” is your Control Environment.

Many organisations are still struggling to implement basic controls: governance, standardised processes, and clear ownership of risk. They are drowning in alerts because they haven’t yet defined what “normal” looks like.

This is where the confusion about “Intelligence Feeds” begins.

The market sells lists of compromised phone numbers or IP addresses as “intelligence.” But if you dump those lists into an immature control environment that is already overwhelmed, you aren’t creating insight. You are just amplifying the noise.

2. The Tradecraft Gap

True intelligence is not just swapping data points. It requires Tradecraft.

Tradecraft is the ability to analyse collected information to understand the adversary’s perspective. We are dealing with adaptive threats – agile, intelligent, and driven adversaries who constantly test your defences. To stop them, you need to improve detection “left of bang” – before the loss occurs.

This reveals a critical talent gap. Different roles are trained to think in fundamentally different ways:

• Engineers are trained to think in binary terms (Yes/No).
• Investigators work backwards (proving an allegation).
• Intelligence Analysts work forwards (anticipating hypotheticals).

You cannot simply ask an investigator to “do intel” off the side of their desk.

3. The Specialist Capability (Tech + Data + Tradecraft)

Defensive controls operate on Lists and Rules. They look for a known “bad” indicator and block it.

Intelligence operates on Adversaries.

Because adversaries function as networks, intelligence must look at Relationships, Graphs, and Hierarchies. To execute this, you need a specific formula: Technology + Data + Tradecraft.

If you buy the Technology without the Tradecraft, you have a Ferrari with no driver.

4. The 5 Simultaneous Problems

This is the “Maturity Trap.”

When I led the intelligence function at a large Australian bank, it took me four years to build the function from scratch. Any organisation trying to build this today must solve five complex problems simultaneously:

1. Governance: Defining the mandate and the Customer.
2. Process: Building a target-centric Intelligence Cycle.
3. People: Hiring rare talent who possess both aptitude and business context.
4. Technology: Implementing complex graph/link analysis tools.
5. Data: Ingesting unstructured data and finding budget for feeds.

The Takeaway

If you are a growing business in a high-risk industry, do not feel pressured to build a “proprietary intelligence unit” just because the consultants say you should.

Focus on your foundation. Get your data in order. Stabilise your control environment.

Because if you try to build an intelligence function before you are ready, you won’t get “better security.”

You will just get expensive noise.

DISCLAIMER: All information presented on PaulCurwell.com is intended for general information purposes only. The content of PaulCurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon PaulCurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.