Small and mid-sized businesses (SMBs) are suffering from a continuing onslaught of cyberattacks as threat actors adopt more efficient targeting and AI-driven attacks, according to a new report from cybersecurity firm SonicWall.
According to the ‘2025 SonicWall Annual Cyber Threat‘ report, SMBs and organisations of all sizes can no longer combat the level of cyberattacks – relying on the expertise of a trusted Managed Service Provider (MSP) to defend at-risk revenue and protect the integrity of brands and organisations.
SMBs are facing a storm of cyber threats, as attackers leverage automation, AI, and advanced evasion techniques to evade traditional defences. In fact, AI automation tools are lowering barriers for entry, while increasing attack complexity. SonicWall found that Server-Side Request Forgery (SSRF) attacks saw a dramatic 452 per cent increase compared to 2023.
These evolving tactics make it almost impossible for businesses to defend themselves without dedicated cybersecurity expertise. In light of these tough conditions, it appears clear that SMBs must prioritise proactive security measures, or suffer the consequences.
“Threat actors are moving at an unprecedented pace, exploiting new vulnerabilities within days, while we’re observing that it takes some organisations 120 to 150 days to apply a critical patch,” explained Bob VanKirk, CEO of SonicWall. “Now more than ever, businesses need the expertise of an MSP/MSSP backed by with real-time threat monitoring and SOC capabilities. Legacy security solutions are no longer enough, businesses must adopt a new mindset to stay ahead of modern cyber threats.”
SonicWall intelligence found that on average, companies were under critical attack – the type of attack most likely to deplete business resources – for 68 days. Meanwhile, ransomware continues to rise, increasing eight per cent in North America and surging 259 per cent in Latin America. Malware also spiked eight per cent year-over-year, while IoT attacks jumped 124 per cent and encrypted threats climbed 93 per cent.
Searching for the right partner for protection
The most types of cyberattacks experienced have also changed, says SonicWall. Nearly one third of all reported cyber events were business email compromise attacks – seeing a significant rise from only nine per cent in 2023.
But in the healthcare industry, ransomware was far and away the biggest threat, utilised in 95 per cent of all breaches in this sector.
“The data in this year’s threat report underscores a disturbing reality: threat actors are exploiting vulnerabilities at lightning speed, while organisations take far too long to respond,” added Douglas McKee, executive director of threat research at SonicWall. “Our findings indicate that organisations struggle to keep their businesses safe from the ever-present cyber threats, and the data that we gather paints a clear picture of the growing challenges they face. From ransomware surges to the rapid rise in IoT and encrypted threats, businesses are increasingly at risk.”
“With the increasing speed and sophistication of cyber threats, we needed a partner that could provide real-time threat intelligence and proactive security,” said Nick Sabatini, vice president of managed services at business technology solution provider Ubeo. “Ubeo is focused on best-in-class partners that bring innovation and flexibility to meet our customers’ needs, and SonicWall’s SOC services allow us to deliver 24/7 monitoring and rapid threat response, ensuring our customers stay protected without the burden of managing security alone.
“Their expertise and advanced security solutions empower us to protect businesses against today’s relentless cyberattacks. We’ve seen firsthand how SonicWall’s expanded portfolio and global security reach have helped us better protect our clients and respond to the increasingly sophisticated threat landscape.”
