Security Operations, Real-time information, Cybersecurity, Artificial Intelligence

Every year, the cyber threat landscape becomes more complex, and protecting data, infrastructure, and people is a constantly moving target. As adversaries and the tactics they use evolve, so should our defensive approaches. While security teams work to have a clear understanding of threats to their environments and underlying risks, pulling back and learning what’s happening at a global scale can help inform their present and future plans.

This is why our team at Dataminr has authored the 2026 Cyber Threat Landscape Report. Thanks to our daily ingestion of more than 43 terabytes of data from over 1 million unique data sources and a proprietary knowledge graph of more than 3 billion entities, we are not only able to identify and alert on emerging threats in real time, but also able to zoom out and look at the cyber threat landscape as a massive, collective indication of how adversaries are evolving. 

In the report, we dive into critical trends and shifts that impact how security teams should address some of our most well-known responsibilities, such as vulnerability management, third-party risk, identity, and threat actor TTPs. In addition, we take a look at how the potential financial impact of a cyber event has changed in the last couple of years and what that could mean for CISOs who need to quantify risk more accurately now than ever before. 

Here are a few reflections on what these shifts mean for the year ahead, grounded in the trends we’ve been tracking at Dataminr.

The Identity Trap

The traditional logic behind identity is failing. Historically, if your users leveraged a multi-factor authentication (MFA) tool or maybe even had a hardware token, it was difficult for a threat actor to log in on their behalf—even if they had the user’s password.

Now, MFA bypass is becoming more common. In addition, we’re seeing infostealers like Lumma Stealer and Formbook distributed in malware-as-a-service (MaaS) models. Then there’s the ever-present problem of credentials that are leaked as part of a larger breach and sold on forums across the Dark Web. To make things even more difficult, groups like Scattered Lapsus$ Hunters (SLH) have a highly effective AI-driven social engineering playbook to convince employees to give up credentials over the phone. 

From a practitioner’s perspective, this is frustrating because it bypasses so much of our traditional “hardened” infrastructure. When threat actors can talk a help desk employee into resetting a password, it doesn’t matter how expensive your firewall was. We have to stop thinking of identity as a gate and start thinking of it as a continuous, high-risk variable.

The Patching Treadmill is Broken

We also need to have an honest conversation about vulnerability management and prioritization. With thousands of CVEs disclosed every year, security teams can’t just rely on the Common Vulnerability Scoring System (CVSS) score to decide what to patch. These scores focus on the technical impacts of a vulnerability, but tell you very little about actual risk to your organization. There has to be a balance between the CVSS score, potential economic impact, exposure, and likelihood of being targeted. Then there’s the issue of the “patch bypass epidemic” we saw in 2025, where vendors weren’t fixing the root cause of issues, causing re-exploitation by threat actors days or weeks after the initial patch was released.

If you’re a CISO, you can’t just tell your team to “patch everything.” It’s a recipe for burnout and it doesn’t actually lower your risk profile if the patches themselves are being bypassed. The focus has to shift from “is this a critical CVE?” to “is this specific flaw being targeted in my sector, and can the attacker actually reach my crown jewels through it?” Context is the only thing that makes a 10,000-item backlog manageable.

Cyber Risk as a Balance Sheet Issue

For years, a cyber attack was an operational headache. Maybe you lost some data, maybe you paid a fine. But 2025 showed us the rise of what we call the “mega-loss.” Using more than 20 years of historical loss data gathered from filings, industry data, and our own research, we were able to identify significant changes in the potential financial impact of attacks. 

We started seeing clusters of losses in the $100 million to $1 billion range. These aren’t just “incidents” anymore; they are events that change the financial trajectory of a company. When a single ransomware event can wipe out a quarter’s earnings, cybersecurity is no longer a “tech problem”—it’s a balance sheet risk. This is why we’re seeing more boards demand actual risk quantification rather than just a report on how many viruses were blocked.

Scale With the Cyber Threat Landscape

Adversaries are already using AI to lower the barrier to entry and automate their reconnaissance, which is just one of the contributing factors to the 225% growth in threat actor alerts between 2024 and 2025. This encompasses millions of incidents across external threats like malware and ransomware, vulnerability alerts such as exploit PoCs and emerging vulnerabilities, and digital risks such as domain impersonations, doxxing, and data exposure.

Through this report, it becomes clear that the power of interconnected intelligence and the need for purpose-built AI are non-negotiables when it comes to handling the chaos of today’s cyber threat landscape. Now, to get the full picture, it’s important for teams to get a holistic view of their exposure, understand the context of alerts, and connect technical findings with business impact to optimize their operational resilience. Combine this with purpose-built AI that can help address the talent shortage by acting as a force multiplier to what your team is already doing, and teams can put themselves in an advantageous position.

The goal for 2026 isn’t to be “unhackable.” That’s a myth. The goal is to be resilient enough to see the threat coming, understand its context, and shut down the blast radius before it hits the balance sheet.

Dive into the 2026 Cyber Threat Landscape Report

Uncover in-depth findings from the cyber threat landscape to help inform and modernize your cyber defense strategy in 2026.

Author
Jeanette Miller-Osborn, Field Cyber Intelligence Officer
February 18, 2026