The latest, 2025 Security Operations Report by the cyber security company Arctic Wolf analyses more than 330tn security observations and details how adversaries are accelerating their tactics, exploiting identity and timing to bypass defenses.
The new 22-page report says despite unprecedented investment in cybersecurity, the pace and complexity of today’s threats continue to challenge even the most mature organisations. Attackers are moving faster, targeting new attack surfaces, and exploiting new vulnerabilities in ways that traditional defenses often miss.
The findings not only reveal how threat actors are evolving but also highlight the common operational pressures the security teams face. The insights in the 2025 Security Operations Report give leaders a benchmark to measure their own programs, identify gaps, and prioritize defenses that drive measurable resilience.
The major findings from the report include:
- 24×7 vigilance is critical: 51% of alerts issued occurred outside business hours, with 15% of total alerts taking place on weekends.
- AI and human expertise accelerate response: Alpha AI triaged 10% of alerts, eliminating more than 860,000 manual reviews and contributing to a 37% decrease in Mean Time to Ticket (MTTT) over two years.
- Certain industries remain prime targets: Education, healthcare, and manufacturing topped the charts for attack volume due to outdated infrastructure, valuable data, and low tolerance for downtime.
- Mega events showcase new attacker playbooks: Campaigns such as those launched on Fortinet FortiGate firewall devices and SonicWall CVE-2024-40766 in the last year showed how adversaries exploit identity and VPN weaknesses to escalate privileges and encrypt unmonitored systems in under 90 minutes.
Arctic Wolf president technology and services Dan Schiappa said, “Today’s threat landscape is defined by round-the-clock attacks that target identity, exploit timing, and drive alert fatigue, leaving defenders to navigate increasingly complex tactics. Because we operate at global scale, we have unmatched visibility into how attackers adapt and how defenders respond.”