SonicWall has released its 2026 Cyber Protect Report, centred on what it describes as the Seven Deadly Sins of Cybersecurity.
The findings focus on small and medium-sized businesses, which continue to suffer breaches because of basic operational gaps rather than highly advanced attack methods.
High- and medium-severity attacks rose 20.8% to more than 13 billion hits, based on data from a global network of more than one million security sensors. The report points to a threat environment shaped by more targeted and increasingly AI-enabled attackers.
Attack traffic is also becoming more automated. Automated bots now generate more than 36,000 vulnerability scans every second and account for more than half of all internet traffic, while bad bots make up 37% of global internet traffic.
Other areas of concern include internet-connected devices and long-running software flaws. IoT attacks climbed 11% to 610 million hits, while Log4j generated 824.9 million intrusion prevention system hits in 2025, several years after the vulnerability became widely known.
Identity-related threats featured heavily in the research. Identity, cloud and credential compromise accounted for 85% of actionable security alerts, suggesting stolen passwords and weak access controls remain central to many attacks.
Ransomware also remains a heavier burden for smaller firms than for larger organisations. The report found 88% of SMB breaches involved ransomware in 2025, more than double the rate recorded at large enterprises.
Seven gaps
The latest report marks a shift from reporting threat volumes alone to examining protection outcomes. It identifies seven recurring failures that appeared repeatedly across SMB breach investigations, security assessments and incident reviews.
Those failures are ignoring the fundamentals, false confidence, overexposed access, a reactive security posture, cost-driven security decisions, reliance on legacy access models and chasing hype over execution.
The first category includes weak authentication, unpatched systems and excessive administrator privileges. False confidence refers to businesses assuming they are too small to be targeted or believing their existing controls are stronger than they are.
Overexposed access includes permissive rules, flat networks and broad internal trust once a user has authenticated. A reactive posture describes organisations without around-the-clock monitoring and threat hunting; the report says the average breach goes undetected for 181 days.
It also links budget pressures to delayed security spending, estimating that a single SMB breach can exceed USD $4.91 million when downtime and recovery costs are included.
Legacy remote access remains another concern. VPN vulnerabilities grew 82.5% over the period analysed, while broad network access granted after a single authentication step continues to be exploited.
The final category, chasing hype over execution, describes organisations buying new tools without fully deploying them or expecting software alone to solve process failures.
“SonicWall data reveals attacks are getting faster, and in some instances, they’re getting a little more sophisticated,” said Michael Crean, Senior Vice President and General Manager of Managed Security Services at SonicWall. “But the vast majority of the attacks that we’re seeing and investigating are basic fundamentals that continue to be missed. The danger isn’t that AI isn’t working; it’s that we’re using it as an excuse not to do the things we already know we should.”
SMB pressure
The report places particular emphasis on the position of smaller businesses in the wider economy and on the role of managed service providers and managed security service providers that support them.
The research is intended to help those providers discuss cyber risk with SMB customers in business terms rather than only through technical threat data. It reflects a broader shift in cybersecurity marketing and reporting towards measurable business impact, particularly as boards and owners weigh security spending against operational pressures.
Crean said the common thread in many incidents was not novelty but repeatable mistakes.
“The organizations that suffer the most are not failing because of sophisticated attacks, they’re failing because of predictable, preventable gaps,” he said. “SMBs are the backbone of the U.S. economy, representing 99% of all U.S. businesses and nearly half of private sector employment. Protecting them protects entire communities. That’s why this report is designed around protection outcomes, not just threat statistics.”
Click Here For The Original Source.
