Adversaries are accelerating their tactics, exploiting identity and timing to bypass defenses. Attackers are moving faster, targeting new attack surfaces, and exploiting new vulnerabilities in ways that traditional defenses often miss. And, despite unprecedented investment in cybersecurity, the pace and complexity of today’s threats continue to challenge even the most mature organizations.
In fact, a majority of security alerts now happen outside of regular business hours, according to Arctic Wolf’s 2025 Security Operations Report.
“Today’s threat landscape is defined by around-the-clock attacks that target identity, exploit timing, and drive alert fatigue, leaving defenders to navigate increasingly complex tactics,” says Dan Schiappa, president, technology and services, Arctic Wolf. “Because we operate at global scale, we have unmatched visibility into how attackers adapt and how defenders respond. This report distills those insights into clear guidance organizations can use to strengthen defenses and prepare for what comes next.”
Key takeaways:
- 51% of alerts issued occurred outside business hours, with 15% of total alerts taking place on weekends.
- The Aurora Platform reduced 330 trillion raw observations down to 8.6 million alerts, a noise reduction rate of more than 99.99999%, or one alert for every 138 million observations.
- Alpha AI triaged 10% of alerts, eliminating more than 860,000 manual reviews and contributing to a 37% decrease in Mean Time to Ticket (MTTT) over two years.
- Manufacturing topped the charts for attack volume due to outdated infrastructure, valuable data, and low tolerance for downtime.
