SonicWall has recast its annual cyber research around business protection outcomes, arguing that small and mid-sized businesses are still being exposed less by exotic new attacks than by familiar operational gaps. The company’s 2026 Cyber Protect Report replaces a pure threat-counting approach with a framework built around what it calls the Seven Deadly Sins of Cybersecurity.
At the centre of the report is a blunt assessment of where risk is sitting for SMBs. SonicWall said high and medium severity attacks rose 20.8% last year to more than 13 billion hits, while automated bots now generate more than 36,000 vulnerability scans every second and account for more than half of all internet traffic. Bad bot traffic alone, it said, now represents 37% of global internet traffic.
The report also found that IoT attacks climbed 11% to 610 million hits, while Log4j continued to register 824.9 million intrusion prevention system hits in 2025, four years after the vulnerability was first disclosed. Identity, cloud, and credential compromise accounted for 85% of actionable security alerts, reinforcing SonicWall’s argument that stolen credentials and weak controls remain the fastest route into many environments.
Michael Crean, SVP and GM of Managed Security Services at SonicWall, said: “SonicWall data reveals attacks are getting faster, and in some instances, they’re getting a little more sophisticated. But the vast majority of the attacks that we’re seeing and investigating are basic fundamentals that continue to be missed. The danger isn’t that AI isn’t working; it’s that we’re using it as an excuse not to do the things we already know we should.”
Rather than presenting breach risk as a product of rare or highly specialised attack methods, SonicWall said its researchers repeatedly saw seven preventable failures across breach investigations, security assessments, and incident reviews. Those included weak authentication and unpatched systems, overconfidence in existing controls, overly permissive access, reactive rather than continuous monitoring, short-term budget decisions, reliance on legacy VPN-led access models, and the purchase of new tools without full deployment or process discipline behind them.
The commercial case in the report is equally direct. SonicWall said 88% of SMB breaches involved ransomware in 2025, more than double the rate seen at large enterprises. It also pointed to an average breach detection window of 181 days where monitoring and threat hunting are absent, while warning that a single SMB breach can exceed $4.91 million once downtime and recovery are included. VPN-related CVEs, meanwhile, rose 82.5% over the analysed period.
The report is designed as much for service providers as for end users. SonicWall said the 2026 edition is intended to help MSPs and MSSPs translate technical threat data into business risk language for decision-makers, particularly in smaller organisations where security investment is often weighed against immediate operating pressures.
The full report can be downloaded here.
You must be logged in to post a comment.