There has been a dramatic escalation in the number of cyberattacks targeting SMBs who faced nearly twice as many weekly incidents in the first half of the year compared to the same period last year.
This is according to cybersecurity organisation Guardz’s Mid-Year 2025 SMB Threat Report which says that the rate of cyberattacks against SMBs is accelerating at an unprecedented pace.
Businesses once thought “too small to target” are now facing relentless attempts from increasingly sophisticated criminal groups. The rise of easily accessible Attack-as-a-Service offerings on the dark web has further lowered the barrier to entry, enabling even inexperienced threat actors to launch highly effective campaigns. This mounting pressure underscores the critical role of MSPs, who are uniquely positioned to deliver layered defences, proactive monitoring, and incident response capabilities that SMBs cannot easily build or manage on their own.
“The first half of 2025 has been a stark reminder of just how quickly the cyberthreat landscape is evolving,” says Dor Eisner, CEO and co-founder of Guardz. “For many SMBs, this reality has been eye-opening: attacks have skyrocketed exponentially and are more sophisticated and damaging than ever before.
“The message is clear – no business is too small to be a target,” he adds. “Hackers are going after SMBs with the same force as large enterprises, but these businesses often lack enterprise-level defences. That’s why it’s so important for SMBs to adopt solutions that make it simple to manage, detect, and respond to threats – with MSPs providing the expertise and proactive support necessary to stay secure and resilient.”
Key findings from the Guardz SMB Threat Report include:
- Rampant ransomware: Nearly 100 types of ransomware detections were logged among SMBs in the first half of 2025. Many paired encryption with data theft for extortion, while one-quarter of breaches involved data theft alone, in favour of pure extortion.
- Credentials under siege: Credential-focused attacks rose the most across all attack types with over 80% of breaches involving stolen or compromised passwords. This class of attacks included password spraying (576 cases), credential stuffing (437), MFA bypass (312), legacy authentication abuse (298), and account takeover (267) totaling 1 890 incidents – or 62% of all identity-based attacks.
- Phishing & BEC persist: Phishing accounted for 1 876 incidents, while 1 423 Business Email Compromise (BEC) scams were recorded. Generative AI has increased the believability of phishing messages, powering 893 AI-enhanced attacks and deepfake impersonations that can fool even tech-savvy users.
- Cloud exploitation soars: Password attacks on cloud accounts spiked ten-fold targeting cloud login portals. Microsoft 365 environments saw 3 042 attacks, with Outlook/Exchange alone making up 41% of cases. Google Workspace apps were targeted with 2 335 attacks, led by phishing (38%) and OAuth app abuse (18%).
Guardz also found that the impact and severity of attacks varied significantly by industry.
Financial services absorbed the largest share at 24,4% of all incidents, with an average severity score of 4.8 out of 5. Healthcare followed with 18,9% of attacks (severity 4.7), while manufacturing accounted for 13,9% (severity 4.4). Government entities faced 12,7% of attacks, but experienced the highest severity overall with an average score of 4.9. Other sectors were also affected including professional services (10,3%), education (9,5%), retail (5,9%), and energy and utilities (4,4%).