Dark web monitoring is shifting from a nice-to-have service to a baseline expectation for organizations in 2025, according to Neal Jardine (pictured), chief cyber intelligence and claims officer at BOXX Insurance.
The reason for the change is simple: the scale and speed of stolen data trading online is accelerating.
“We’re seeing more attacks, we’re seeing more theft of credentials, and we’re seeing more data for sale on the dark web,” Jardine said.
That, he added, is the reason why BOXX includes dark web monitoring as part of its member platform at no added cost. Speaking to Insurance Business, Jardine described the service as “table stakes” for modern cyber protection.
The aim, he stressed, is early detection, as many breaches go unnoticed because attackers use valid credentials siphoned from previous incidents.
“You may not realize someone’s in your system because they’re using credentials that have been siphoned away via the dark web,” he said.
Jardine says artificial intelligence is transforming the way that bad actors exploit dark web data.
On the criminal side, AI tools can automatically scan vast troves of stolen data, identify patterns, and match email addresses with passwords sourced from multiple breaches. This allows attackers to discover common password habits, guess credentials across multiple platforms, and accelerate account takeovers.
“It becomes even more critical when you add AI to it,” he said. “Now you have AI scanning the dark web for email addresses and user credentials and matching those with password lists… helping to identify patterns in people’s passwords [and] passwords commonly used across multiple platforms.”
For legitimate security teams, the same technology can be harnessed to strengthen defences. AI-powered monitoring can cut through the noise of millions of stolen records, flagging the handful of entries that are directly relevant to a given company. This is essential when stolen data is buried “in 10,000 lines of… documents” and could otherwise go unnoticed until it’s too late, Jardine said.
“AI empowers us to scale the review of a large amount of data in new, better and faster ways” Jardine said. “It can help us quickly identify and respond to cyber threats,” allowing faster remediation before criminals act, he added.
When asked about the most common data types for sale, Jardine pointed first to login credentials.
“Most of the time, it’s usernames and passwords,” he said. These often include passwords that victims reuse across different platforms, which increases their value to cybercriminals.
Beyond credentials, the dark web also hosts stolen corporate documents, banking details, and access information that criminals can resell to others.
Some listings are effectively “how-to” guides for breaking into a specific organization’s systems. Dark web monitoring can alert companies to these threats before an attack is launched, Jardine said.
He emphasized that even seemingly small exposures can lead to major incidents, especially if the stolen data grants an attacker initial system access.
“Some cybercriminals will find a loophole or a way to get into an organization, they'll resell that on the dark web,” Jardine said.
For Jardine, the real value of dark web monitoring lies in speed and accessibility. Stolen data is most dangerous when it sits undetected, giving attackers ample time to exploit it.
Real-time alerts allow companies to take immediate action – forcing password resets, tightening access controls, or notifying affected customers before damage escalates. In a world where credentials can be sold and resold in hours, this early warning can be the difference between a contained incident and a costly breach.
The urgency Jardine describes is backed by numbers. He and his team recently published a report citing data showing that nearly half (45 percent) of data breaches result in stolen information appearing on the dark web within just 30 days. Employee credentials are a common target, with 60 percent of organizations having at least one exposure.
The scale of the underground market is considerable: stolen credentials surface on the dark web every 1.5 seconds, on average. Worse still, 73 percent of passwords found there are reused across multiple accounts – a habit that gives cybercriminals a multiplier effect once a single set of credentials is compromised, the report showed.
“Over 24 billion complete sets of usernames and passwords are now circulating on the dark web globally. That’s roughly four full sets of credentials for every person on Earth,” the report said.
“Without continuous dark web monitoring for activity linked to your business or household, there’s a good chance your data or identity could already be exposed before you even know there’s been a breach,” wrote Jack Brooks, head of BOXX Hackbusters and vCISO.
