In 2025, shifting towards an era of "massive losses" from network risks
A report indicates that 2025 marked a structural turning point in cyber risks. The real-time incident and threat detection company Dataminr Inc. released the 2026 Cyber Threat Outlook report, showing a significant increase in threat actor activity, accelerated identity-based attacks, and a rise in “large-scale loss” events.
During 2025, Dataminr recorded a 225% increase in monthly threat actor alerts. This reflects an expanding and interconnected risk environment, with over 5,000 threat actors detected, more than 18,000 ransomware alerts, and over 2 million domain impersonation incidents.
In 2025, Dataminr logged over 6.3 million external threat alerts, 4.8 million vulnerability alerts, and 3.1 million digital risk alerts, with phishing alerts alone exceeding 440,000. Corporate fraud incidents surpassed 420,000, and hacker service advertisements exceeded 185,000.
The report emphasizes that identity has now become a primary attack surface, noting that about 30% of intrusions involve valid credentials. The trend toward “login rather than intrusion” is driven by an 84% increase in information-stealing malware (via phishing attacks) and the rise of AI-powered social engineering activities.
Regarding financial impact, the report states that while the number of ransomware attacks stabilized, the damage from individual incidents became physically larger in 2025. According to Dataminr’s loss severity analysis, high-impact events causing losses of $100 million or $1 billion are forming clusters.
Organizations now face systemic, multi-layered attacks combining credential theft, data breaches, operational disruptions, and regulatory risks—more threatening than the isolated incidents common in the past.
The report notes that traditional severity scores, such as the Common Vulnerability Scoring System, are insufficient to reflect actual business risk. They must be interpreted in context, considering attack likelihood, industry targeting patterns, and modeled for financial impact.
Finally, the report concludes that the current threat environment exceeds the management capacity of human security teams alone. With over 4,300TB of signal data input annually and millions of alerts generated, the company believes that AI platforms specifically designed for this purpose can correlate early signals, shorten dwell times, and prevent catastrophic losses.