Dataminr: Cyber 'Mega-Loss' Era Dawns as Threat Alerts Skyrocket

A new report from Dataminr Inc. indicates a significant shift in cyber risk for 2025, marked by a surge in threat actor activity and an acceleration of identity-based intrusions, leading to more frequent "mega-loss" events.

Dataminr's 2026 Cyber Threat Landscape Report documented a 225% increase in average monthly threat actor alerts compared to 2024. The company tracked over 5,000 threat actors, logged more than 18,000 ransomware alerts, and identified over 2 million domain impersonation incidents.

External threat alerts exceeded 6.3 million in 2025, alongside 4.8 million vulnerability alerts and 3.1 million digital risk alerts, including phishing and brand impersonation. Phishing alone generated over 443,000 alerts.

Identity has emerged as the primary attack surface, with nearly 30% of intrusions leveraging valid credentials. This trend is exacerbated by an 84% rise in infostealer malware delivered via phishing and AI-enhanced social engineering campaigns.

While ransomware volumes stabilized, single-incident losses grew substantially. Dataminr's analysis shows a heavier concentration of high-impact events, with clusters of losses at the $100 million and even $1 billion-plus levels.

Organizations are now confronting fewer but more systemic, multi-vector attacks that combine credential theft, data exfiltration, operational disruption, and regulatory exposure.

Supply chain risk is also a critical factor, with one in four modern breaches exploiting third-party vulnerabilities, often weaponized within the same year of disclosure.

Traditional technical severity scores are deemed insufficient, requiring contextualization with exploitation likelihood, industry targeting, and modeled financial impact to accurately reflect business risk.

The report concludes that the current pace and scale of cyber threats have overwhelmed human-only security teams. With vast amounts of data ingested daily and millions of alerts generated annually, purpose-built AI platforms are essential to correlate signals early, reduce dwell time, and prevent catastrophic loss events.