The article explores how to design and implement a cyber intelligence early warning system, conceived as a “radar” capable of detecting weak threat signals before they materialise. By mapping critical assets, integrating diverse sources (OSINT, dark web, internal telemetry, and commercial feeds) and applying risk prioritisation models such as FAIR, the system translates raw information into targeted alerts with high operational impact. A logical architecture is outlined, combining data collection, advanced analysis, continuous feedback loops for constant refinement, and compliance with key regulatory frameworks (GDPR, NIS2, and the Budapest Convention). The article also highlights the role of key metrics (MTTD, MTTR) and the sharing of intelligence with trusted communities, ISACs, and CERTs to amplify early warning capabilities and strengthen organisational resilience.