Small and medium-sized businesses are now at the center of the global cyber threat landscape. In just the first half of 2025, Guardz telemetry recorded nearly twice as many weekly incidents as last year. Attackers are scaling enterprise-grade tactics down to SMBs, which often lack the security resources to defend themselves.
To help MSPs navigate this escalating threat environment, Guardz has released the SMB Threat Report Mid-Year 2025. Built from anonymized telemetry across thousands of Guardz-managed environments, the report offers an unfiltered look into how attackers are adapting and what MSPs must do to stay ahead.
What the Data Reveals
The report sheds light on how attackers are evolving and which vectors pose the greatest risk:
Ransomware remains relentless
Criminal groups continue to exploit SMBs as “soft targets,” deploying double-extortion tactics that combine encryption with data theft. Even one day of downtime can cripple a small business, making prevention and recovery planning essential.
Credentials fuel the majority of breaches
Over 80% of breaches involve stolen or compromised passwords. Infostealing malware, session hijacking, and token theft are enabling attackers to move quietly within environments and escalate privileges without detection.
Phishing and BEC adapt with AI
Phishing continues to account for roughly one-fifth of breaches. Generative AI is enabling attackers to craft polished scam emails and deepfake impersonations that are harder to spot, driving financial losses and operational disruption.
Cloud exploitation accelerates
As SMBs migrate data and operations to the cloud, attackers follow. Automated password attacks, token theft, OAuth abuse, and misconfigurations are driving a surge in cloud account takeovers and data exfiltration.
Industries under fire
Financial services, healthcare, and government are among the hardest-hit sectors, but manufacturing, professional services, education, retail, and energy and utilities are also heavily targeted. Attackers are focusing on identity and collaboration platforms to maximize disruption.
Why MSPs Should Care
The SMB Threat Report is more than a snapshot of the threat landscape. It’s a playbook MSPs can use to:
- Educate SMB customers on the real risks facing their businesses
- Prove the business value of proactive cybersecurity measures
- Stay informed on attacker tactics before they impact client environments
Download the Full Report
Cybercriminals are innovating faster than ever, but MSPs have an opportunity to lead the defense. The SMB Threat Report Mid-Year 2025 gives you the data and insight you need to protect your customers and grow your business.