SMBs in the Crosshairs – Key Insights from the N-able 2025 Annual Threat Report
Small and medium-sized businesses (SMBs) are now prime targets for cybercriminals. The N-able 2025 Annual Threat Report reveals a dramatic surge in attacks, with threat instances rising from 48,749 in June 2024 to over 13.3 million by June 2025—a staggering 273-fold increase. Here’s what every SMB needs to know:
6 key points
1. Why SMBs Are Being Targeted
- Weaker Defences: SMBs often lack the robust security of larger enterprises, making them easier and more profitable for attackers.
- Ransomware Dominates: 88% of confirmed SMB breaches involved ransomware or data extortion.
- Big Payouts from Small Targets: Attackers find SMBs lucrative, with smaller ransoms adding up quickly.
2. The Top Threats in 2025
- Play: A ransomware group targeting exposed devices and using stolen credentials.
- Qilin: Known for phishing campaigns and exploiting remote access tools, especially targeting managed service providers.
- Tycoon 2FA: A Phishing-as-a-Service provider enabling business email compromise (BEC) attacks, often bypassing multi-factor authentication.
3. The Changing Attack Landscape
- Digital Acceleration: SMBs have adopted cloud, IoT, and remote work tools, expanding their attack surface.
- Industrialised Crime: Ransomware-as-a-Service (RaaS) allows even low-skilled attackers to launch sophisticated attacks.
- AI-Powered Social Engineering: Generative AI helps attackers craft convincing phishing messages and deepfakes.
4. What Really Hurts SMBs
- Business Email Compromise (BEC): Now rivals ransomware as the top incident pattern.
- Credential Stuffing & MFA Fatigue: Attackers exploit reused passwords and weak authentication.
- Regulatory Pressure: New rules mean fines and penalties can exceed the cost of a breach.
5. Defending Against Modern Threats
Go Back to Basics: The report urges SMBs to focus on practical, high-impact defences:
- Implement phishing-resistant multi-factor authentication (MFA)
- Harden remote access and patch management
- Maintain secure backups and disaster recovery plans
- Deploy endpoint detection and response (EDR) solutions
- Educate staff about phishing and social engineering
6. The Outlook
- Preparation Pays Off: More SMBs are refusing to pay ransoms, showing that good preparation works.
- Identity Is the New Perimeter: Passwords alone are no longer enough; identity-centric security is essential.
- Regulations Are Tightening: Compliance is no longer optional, with global rules and insurance requirements raising the bar.
Conclusion:
SMBs face unprecedented cyber risks, but the best defence remains a strong foundation: robust authentication, regular backups, staff training, and a clear incident response plan. The cost of these defences is lower than ever, and investing in them can save your business from devastating losses.
For more information on how we can help protect you, book a 30-minute chat below.