Step Aside, Greed And Lust. SMB Cybersecurity Has Its Own Seven Deadly Sins. Let’s See What’s In The Box.
Small businesses don’t need a dramatic story to feel worried about 2026. According to SonicWall’s new Cyber Protect Report, the real threats are easy to spot. The main problems aren’t rare zero-day attacks or movie-style hackers. Instead, they are old security gaps, weak habits, and assumptions that go unchecked. SonicWall describes these as the seven deadly sins of SMB cybersecurity, and each one can be avoided. The main message is clear: attackers are becoming more precise, but many small and midsize businesses still leave themselves open to the same risks.
Attackers Are Hitting Better, Not Just Harder
The report starts by focusing less on dramatic threats and more on real protection results. On page 5, SonicWall reports that high- and medium-severity intrusion prevention events rose by 20.8% to 13 billion, even though the total number of intrusion attempts stayed about the same. This means defenders are seeing fewer meaningless probes and more serious attacks. On page 8, SonicWall notes that automated bots now launch over 36,000 vulnerability scans every second, and bad bot traffic has grown to 37% of all internet traffic. On page 7, the report points out that Log4j was still targeted more than 825 million times in 2025, four years after it was first discovered. Old vulnerabilities continue to be valuable for criminals.
Michael Crean, SonicWall’s GM of Managed Security Services, says it clearly: “the vast majority of the attacks that we’re seeing and investigating are basic fundamentals that continue to be missed.” This statement sums up the main point and serves as a warning.
Sin One Through Three: Basics, Blindness, And Bad Access
The first sin is Ignoring The Fundamentals. SonicWall says identity, cloud, and credential compromise account for 85% of actionable alerts. Weak or missing MFA, poor patch discipline, and excessive admin privileges remain the main attack surface. The report also says 61% of exploits occur within 48 hours of proof-of-concept disclosure, while many organizations take far longer to patch. For cyber insurers, that should sound familiar. SonicWall includes partner claims data showing 98% of claims stem from business email compromise and funds transfer fraud. The fix can be astonishingly simple: verify payment changes by voice, every time.
The second sin is False Confidence. SonicWall says many small businesses still believe they’re too small for attackers to target. The report includes a reality check: ransomware accounted for 88% of SMB breaches last year, compared to only 39% for big companies. There’s also a gap between what leaders think and what front-line employees see. Leaders often feel safe while staff spot the cracks. As SonicWall puts it, feeling confident alone won’t protect you. Checking your defenses will.
The third sin is Overexposed Access. Flat networks, permissive firewall rules, and trust that continues after login give attackers room to roam. On page 21, SonicWall says 48% of breaches involved compromised VPN credentials as the initial access method. It also says restrictive firewall rules can slow attackers by seven times compared with “any/any” rules. That 72-minute difference can decide whether an incident is contained or escalates into a ransomware incident.
Watch – SMB Cyber Insurance Requirements
Sin Four Through Seven: Delay, Cheapness, Legacy, And Hype
The fourth sin is Reactive Security Posture. On average, breaches go unnoticed for 181 days. Half of all alerts are ignored because people are overwhelmed or there’s a lack of dedicated security staff, something most small businesses know all too well. Tools might flag the risk, but you need someone to look and act.
The fifth sin is Cost-Driven Security Decisions. SonicWall argues that cheap security creates expensive problems. A single SMB breach can exceed $4.91 million when downtime and recovery are included, according to the press release. The report says organizations with incident response plans save $1.23 million per breach on average. In other words, the “savings” from skipping training, delaying planning, or buying the cheapest tool can boomerang with interest.
The sixth sin is Reliance On Legacy Access Models. VPNs still dominate remote access, but SonicWall paints them as aging drawbridges over dry moats. The report says VPN CVEs grew 82.5% over the analyzed period. It also says 48% of breaches traced back to compromised VPN credentials, often helped by absent MFA and broad post-login access. SonicWall’s verdict is clear: identity is the new perimeter.
The seventh sin is Chasing Hype Over Execution. AI matters. The report says AI-enabled adversaries are rising sharply, but SonicWall warns against prioritizing new tools while ignoring essentials like MFA, patches, and alert response. The clear takeaway: execution of basic security controls is more important than adopting shiny, new solutions. In their words, “Tools don’t create outcomes. Execution does.” That line may be the cleanest summary of the entire document.
SMB Cybersecurity Failure Threats
“SMBs are the backbone of the U.S. economy, representing 99% of all U.S. businesses and nearly half of private sector employment. Protecting them protects entire communities. That’s why this report is designed around protection outcomes, not just threat statistics,” said Crean.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Why This Matters For Cyber Insurance
For those in cyber insurance, the report feels like an underwriting guide: security gaps lead to claims, which then lead to more scrutiny and questions about coverage. SonicWall’s main point is clear: technology alone is not enough to protect you. What matters most is how well you execute and manage your security. The lesson for brokers, carriers, MSPs, MSSPs, and SMB owners is that breaches can happen to anyone, and good security habits, not just technology, make the real difference.
FAQ SMB Cybersecurity
They are ignoring fundamentals, false confidence, overexposed access, reactive security, cost-driven decisions, legacy access models, and chasing hype over execution.
SMBs face enterprise-grade threats with fewer people, less budget, and less time. That makes basic security gaps more dangerous.
Most breaches still start with weak passwords, missing MFA, slow patching, or excessive privileges. Attackers keep exploiting what works.
Yes. The report says ransomware appeared in 88% of SMB breaches. Attackers target exposed systems, not company prestige.
Broad access after login. Flat networks, permissive rules, and wide VPN access let attackers move fast after one compromise.
FAQ SMB Cybersecurity Part 2
Leaders may believe tools equal protection. Unchecked assumptions hide gaps in backups, monitoring, logging, and incident response.
It means waiting for alerts, reviewing too little, and spotting attackers late. By then, the damage often spreads.
Skipping training, delaying patching, or avoiding incident planning saves money upfront. It can cost far more after a breach.
They often authenticate once and grant broad access. Stolen credentials can open large parts of the environment.
Enforce MFA, tighten admin rights, patch internet-facing systems fast, test backups, review alerts, and verify payment changes by voice.
Related Cyber Insurance Posts
- Cybersecurity Risk Quantification: Bitdefender Launches Free Risk Assessment
- “Critical Security Gap” Amid Escalating Financial Sector Cybersecurity Threats
- “We’re Still One Big Systemic Event Away”: A Conversation with Willis’ Peter Foster
- 7 Essential Cyber Insurance Requirements You Can’t Ignore
- AI Risk and Autonomous Agents: Why Access Controls Matter – NEW PODCAST
