84% of business owners still self-manage their cybersecurity programs.

56.4% of 2025 ransomware CVEs are first identified through active zero-day exploitation

54% of cyber leaders at SMBs still self-manage their cybersecurity programs.

56% of cyber leaders at SMBs report increased anxiety due to cybersecurity responsibilities.

50% of SMBs say they would lose customers after a successful breach.

58% of SMBs experienced website downtime in the past 12 months.

55% of SMBs experienced third-party or vendor outages in the past 12 months.

51% of SMBs experienced point-of-sale software downtime in the past 12 months.

95% of organizations are increasing cybersecurity budgets in 2026.

74% of organizations are seeing double-digit cybersecurity budget growth in 2026.

The quickest data exfiltration attack in 2025 took just 6 minutes versus over 4 hours in 2024.

80% of ransomware groups use AI, automation, or both in their attacks.

BoaLoader malware is a factor in nearly 20% of incidents observed in the calendar year.

37.9% of small to mid-size organizations agree with the statement “We have observed a significant increase in sophisticated, AI-driven social engineering attacks targeting our employees in the past 12 months.”

24.1% of small to mid-size organizations strongly agree with the statement “We have observed a significant increase in sophisticated, AI-driven social engineering attacks targeting our employees in the past 12 months.”

8.5% of small to mid-size organizations strongly disagree with the statement “We have observed a significant increase in sophisticated, AI-driven social engineering attacks targeting our employees in the past 12 months.”

44.4% of SMBs say poor coordination is the key hurdle to resolving security vulnerabilities and incidents.

41.7% of SMBs say containment is the key hurdle to resolving security vulnerabilities and incidents.

Only ~25% of Medium & Low Priority alerts are investigated by SMBs.

FAMOUS CHOLLIMA activity more than doubled.