17 Data Fusion and Analytics for Chief Investigators, 2022 Survey Report The Most Useful Capabilities Used in Investigation Workflow The three most useful capabilities that organizations are currently using as part of the investigation workflow are: identifying suspicious patterns and anomalies (56%), assessing the risk level for entities and events (47%), and running queries on data from multiple sources (46%). It’s no surprise that identifying suspicious patterns has such priority, as this is one of the main focus points when analyzing data at a large scale. In addition, many stakeholders are tasked with risk assessment for security, financial or operational risks. Organizations have limited resources for analysis and enforcement, and they need to be able to allocate these in an intelligent way. Those with the highest risk score would be given the most resources. Running queries on data from multiple sources is also a valued capability, allowing organizations to easily extract specific information across multiple data sources. Figure 11: The Most Useful Capabilities Used in Investigation Workflow *Question allowed more than one answer and as a result, percentages will add up to more than 100% 56% 47% 46% 45% 39% 30% 10% Identifying suspicious patterns and anomalies Assessing the risk level for entities and events Running queries on data from multiple sources Mapping relationships between entities Extracting identifiers from unstructured data Independently connecting new data sources Don’t have such capabilities