SonicWall Report Finds Preventable Cyberattacks Against SMBs on the Rise

SonicWall, a Milpitas, California-based cybersecurity company, has outlined a series of preventable security gaps that are placing SMBs at serious risk.

The SonicWall 2026 Cyber Protect Report, which draws on data from the company’s global network of more than one million security sensors, claims that high and medium severity attacks surged 20.8% to 13+ billion hits, meaning that attackers aren’t striking more often, they’re striking smarter. Automated bots now generate more than 36,000 vulnerability scans per second, accounting for more than half of all internet traffic. Bad bot traffic alone has surged to 37% of all global internet traffic.

IoT attacks climbed 11% to 610 million hits; Log4j alone generated 824.9 million (intrusion prevention system) IPS hits in 2025, four years after disclosure. Identity, cloud and credential compromise account for 85% of actionable security alerts, meaning that the stolen password, not the zero-day, is the attacker’s weapon of choice.

SMBs bear a disproportionate ransomware burden: 88% of their breaches involved ransomware in 2025, more than double the rate seen at large enterprises.

“SonicWall data reveals attacks are getting faster, and in some instances, they’re getting a little more sophisticated,” said Michael Crean, SVP and GM of Managed Security Services at SonicWall. “But the vast majority of the attacks that we’re seeing and investigating are basic fundamentals that continue to be missed. The danger isn’t that AI isn’t working; it’s that we’re using it as an excuse not to do the things we already know we should.”

The report also says that key exposures include weak authentication, unpatched systems, excessive admin privileges, inadequate testing/monitoring, permissive rules, flat networks, inadequate security investment, and faulty security deployments.

“The organizations that suffer the most are not failing because of sophisticated attacks, they’re failing because of predictable, preventable gaps,” Crean added.

Channel Impact^®
The report is designed to equip MSPs and MSSPs with the data and language needed for strategic conversations with SMB decision-makers, translating technical threat intelligence into business risk that leaders can act on.