SMBs Suffer Far Greater Cybersecurity Risks

Average ransomware payments dropped and cybercriminals are refining their tactics, according to Verizon’s annual Data Breach Investigations Report.

Key Highlights

  • Cybercriminals still love manufacturers.
  • SMBs face the same threats as everyone else, with fewer resources.
  • Social engineering attacks are evolving to include channels besides email.
  • Efforts to fight cybercrime seem to be working.

Cybercriminals have increased the sophistication of their attacks and they adore targeting manufacturers. Are your cybersecurity software and policies up to date and ready to repel the invaders?

Verizon’s 2026 Data Breach Investigations Report (DBIR), based on 22,000 confirmed data breaches in 145 countries, says that cybercriminals continue to find and exploit zero-day and critical vulnerabilities, use GenAI to improve their attack tooling, and have grown more elaborate in their social engineering schemes.

Cybercrime has not changed much since last year’s report in terms of who is targeted or what motivates the attackers. Neither have the cybersecurity standards and hygiene that keep you ahead of the hackers and better able to manage a breach if one occurs.

Manufacturing in the Cybersecurity Spotlight, Again

At this point, anyone that doesn’t know manufacturing is one of the top sectors targeted by cybercriminals hasn’t been paying attention. In almost every cybersecurity report we read, manufacturing leads or tops the list of popular sectors to attack.

The 2026 DBIR cites the following three business sectors as the most-hit by number of incidents and confirmed data breaches (attacks in which data was confirmed stolen):

  • Financial and insurance – 3,809 incidents, 1,300 confirmed data breaches
  • Manufacturing – 3,627 incidents, 2,713 confirmed data breaches
  • Public administration – 3,634 incidents, 2,410 confirmed data breaches

Fourth place, educational services, suffered a distant 1,302 incidents, with 1,252 confirmed data breaches. Note that manufacturing ranks second on confirmed breaches, not on raw incident count, where public administration edges it out.

The primary motivation for cybercriminals to target manufacturers was financial in 87% of cases, with espionage following at 15% (a single breach can carry more than one motive, so the figures do not sum to 100%). By comparison, cybercriminals had financial motivations to attack the healthcare sector in 99% of cases and the financial and insurance sector in 98% of cases. Espionage motivated 33% of attacks against the public administration sector and 21% of attacks against the educational services sector.

SMBs Suffer Greater Ransomware Risks

Small and medium-sized businesses (SMBs) face the same threats as large businesses, just with fewer resources to meet them. The common threat actors, what they are after and the tools at their disposal are the same no matter the size of the target organization.

Where Verizon has data on the size of the organization that suffered a ransomware attack, 96% of the victims were SMBs, and the criminals targeting SMBs were financially motivated in 100% of cases.

The fewer resources a business has to put toward cybersecurity, the more likely it is to be successfully hacked and the less able it is to contain the effects of a breach. In that situation, especially for a manufacturer with a single plant, simply paying the ransom to recover the data or unlock the systems must be appealing (all the more so if typical payments continue to decrease).

This is How They Get You

Here are the top three attack patterns for cybercriminals in 2025, according to the report:

  • System intrusion (61%)
  • Social engineering (17%)
  • Basic web application attacks (10%)

In a system intrusion, cybercriminals combine methods such as malware, stolen credentials and the exploitation of vulnerabilities in legitimate software to get past your defenses and gain broad access to your systems. Basic web application attacks likewise depend on finding and exploiting vulnerabilities, typically in internet-facing applications and the credentials that protect them.

The number of incidents involving cybercriminals taking advantage of software vulnerabilities increased by 240% since last year, according to the 2026 DBIR.

Scott Miserendino, vice president of engineering, cyber at DataBee, a Comcast company, says that vulnerability exploitation is the front door for cybercriminals, and IT’s software patches can’t keep up.

“Organizations are facing a growing backlog of critical vulnerabilities, with only 26% fully remediated and a median remediation time stretching to 43 days. The gap here isn’t awareness; it’s operational execution. Security teams don’t lack vulnerability data; they lack the ability to prioritize, coordinate, and act on it at scale across fragmented environments,” says Miserendino.

Social engineering, roughly defined as tricking people into giving up their login credentials or taking a harmful action with tools such as phishing emails, has become more challenging for cybercriminals but remains popular. Phishing, according to the 2026 DBIR, represented 80% of all email-based attacks in 2025.

Cybercriminals have had to increase the sophistication of their social engineering attacks. Forty-one percent of social engineering data breaches used a channel other than email, such as social media and text messaging. Attackers even masquerade as help desk employees and try to talk users out of their credentials over the phone.

The 2026 DBIR also calls out password dumpers as an attack tool used by cybercriminals. Rather than going through a login screen, these tools extract usernames and passwords directly from the operating system’s credential stores or from process memory, which means defenders need visibility into endpoint process behavior, not just authentication logs.

The risk of third-party data breaches also continues to grow. The number of breaches involving third parties increased by 60% since last year, and they now account for 48% of all breaches.

How to Fight Back

I hesitate to call this good news, but organizations paid less in 2025 to unlock their data, with the average ransomware payment coming in at $139,875, versus $150,000 in 2024 and $177,614 in 2023. The percentage of organizations that did not pay a ransom at all rose to 69%, a 4% year-over-year increase.

The Verizon report attributes these improving statistics to organizations being better prepared for, and more resilient to, cybercrime than in years past. To keep the trend going, organizations need to keep practicing the cybersecurity fundamentals.

Organizations need to train employees that social media and text messaging are now phishing channels too, and teach them how to recognize suspicious requests for login credentials, whatever channel they arrive on.

IT departments have to patch critical vulnerabilities faster, prioritizing the ones attackers are actually exploiting, and organizations need to hold third parties accountable for their own cybersecurity hygiene.

“Looking ahead, this challenge is likely to intensify. Emerging cyber-focused AI models … have the potential to dramatically accelerate vulnerability discovery and lower the barrier to exploitation. Even before broad availability, it’s reasonable to expect that attackers will gain access to similar capabilities, enabling them to uncover undisclosed vulnerabilities faster and weaponize them with far less expertise,” says Miserendino.

Finally, organizations must have a response plan for data breaches. The sooner an organization detects and contains a breach, the more likely it is to avoid a ransomware demand or worse.

About the Author

Dennis Scimeca

Dennis Scimeca is a veteran technology journalist with particular experience in vision system technology, machine learning/artificial intelligence, and augmented/mixed/virtual reality (XR), with bylines in consumer, developer, and B2B outlets.

At IndustryWeek, he covers the competitive advantages gained by manufacturers that deploy proven technologies. If you would like to share your story with IndustryWeek, please contact Dennis at [email protected].
