SonicWall has released the 2026 Cyber Protect Report, shifting its approach from traditional threat reporting to a focus on protection outcomes for business leaders.
The report finds that many small and medium-sized businesses (SMBs) are affected less by complex cyberattacks and more by recurring, preventable gaps, identified as the Seven Deadly Sins of Cybersecurity. These issues are presented as key factors influencing levels of cyber resilience and exposure.
Drawing on data from a global network of more than one million security sensors, the report outlines trends in the threat landscape:
- High and medium severity attacks increased by 20.8% to more than 13 billion incidents
- Automated bots generate over 36,000 vulnerability scans per second, accounting for more than half of all internet traffic, with bad bot traffic representing 37% of global traffic
- Internet of Things (IoT) attacks rose by 11% to 610 million hits, while Log4j accounted for 824.9 million intrusion prevention system (IPS) hits in 2025
- Identity, cloud, and credential compromise account for 85% of actionable security alerts, with stolen passwords more commonly used than zero-day exploits
- SMBs experienced ransomware in 88% of breaches in 2025, more than double the rate seen in larger enterprises
The 2026 Cyber Protect Report is structured around protection outcomes rather than threat statistics alone. It identifies seven recurring operational issues, referred to as the Seven Deadly Sins of Cybersecurity:
- Ignoring the Fundamentals: Weak authentication and unpatched systems remain common vulnerabilities
- False Confidence: Overestimating security posture without validation can create gaps
- Overexposed Access: Permissive access controls and network configurations can allow lateral movement
- Reactive Security Posture: Limited monitoring and lack of proactive measures can delay detection
- Cost-Driven Security Decisions: Delayed investment may lead to higher long-term costs
- Reliance on Legacy Access Models: VPNs continue to be a commonly exploited entry point
- Chasing Hype Over Execution: Incomplete deployment of tools and processes can reduce effectiveness
The report is intended to support Managed Security Service Providers (MSSPs) in engaging with SMB decision-makers, helping to align technical threat data with business risk.
It concludes that differences in security outcomes are often linked to execution rather than technology alone, and is positioned as a resource for MSPs, MSSPs, and SMB organisations.
