Small Business Cyberattack Surge: Attacks Nearly Double in 2025, Guardz Reports
Friday, September 19th, 2025
Guardz, the cybersecurity company empowering Managed Service Providers (MSPs) to protect small and medium-sized businesses (SMBs), today released its Mid-Year 2025 SMB Threat Report, which reveals a dramatic escalation in the number of cyberattacks targeting SMBs. According to threat intelligence gathered directly from the Guardz customer base, SMBs faced nearly twice as many weekly incidents in the first half of 2025 compared to the same period last year.
The rate of cyberattacks against SMBs is accelerating at an unprecedented pace; businesses once thought 'too small to target' are now facing relentless attempts from increasingly sophisticated criminal groups. The rise of easily accessible Attack-as-a-Service offerings on the dark web has further lowered the barrier to entry, enabling even inexperienced threat actors to launch highly effective campaigns. This mounting pressure underscores the critical role of MSPs, who are uniquely positioned to deliver layered defenses, proactive monitoring, and incident response capabilities that SMBs cannot easily build or manage on their own.
"The first half of 2025 has been a stark reminder of just how quickly the cyber threat landscape is evolving. For many SMBs, this reality has been eye-opening: attacks have skyrocketed exponentially and are more sophisticated and damaging than ever before," said Dor Eisner, CEO and co-founder of Guardz. "The message is clear – no business is too small to be a target. Hackers are going after SMBs with the same force as large enterprises, but these businesses often lack enterprise-level defenses. That's why it's so important for SMBs to adopt solutions that make it simple to manage, detect, and respond to threats, with MSPs providing the expertise and proactive support necessary to stay secure and resilient."
Key findings from the Guardz SMB Threat Report include:
- Rampant Ransomware: Nearly 100 types of ransomware detections were logged among SMBs in the first half of 2025. Many paired encryption with data theft for extortion, while one-quarter of breaches involved data theft alone, in favor of pure extortion.
- Credentials Under Siege: Credential-focused attacks rose the most across all attack types, with over 80% of breaches involving stolen or compromised passwords. This class of attacks included password spraying (576 cases), credential stuffing (437), MFA bypass (312), legacy authentication abuse (298), and account takeover (267), totaling 1,890 incidents – or 62% of all identity-based attacks.
- Phishing & BEC Persist: Phishing accounted for 1,876 incidents, while 1,423 Business Email Compromise (BEC) scams were recorded. Generative AI has increased the believability of phishing messages, powering 893 AI-enhanced attacks and deepfake impersonations that can fool even tech-savvy users.
- Cloud Exploitation Soars: Password attacks on cloud accounts spiked tenfold, targeting cloud login portals. Microsoft 365 environments saw 3,042 attacks, with Outlook/Exchange alone making up 41% of cases. Google Workspace apps were targeted with 2,335 attacks, led by phishing (38%) and OAuth app abuse (18%).
Guardz also found that the impact and severity of attacks varied significantly by industry. Financial services absorbed the largest share at 24.4% of all incidents, with an average severity score of 4.8 out of 5. Healthcare followed with 18.9% of attacks (severity 4.7), while manufacturing accounted for 13.9% (severity 4.4). Government entities faced 12.7% of attacks but experienced the highest severity overall, with an average score of 4.9. Other sectors were also affected, including professional services (10.3%), education (9.5%), retail (5.9%), and energy and utilities (4.4%).
Unlike many threat reports built on broad, enterprise-focused datasets, the Guardz SMB Threat Report draws directly from live telemetry across SMB environments managed by Guardz. This ground-level perspective offers a uniquely relevant look at the enterprise-grade threats small businesses face daily and the resilience strategies they need most. The findings highlight a surge in AI-driven impersonation, session hijacking and token theft, and cloud supply chain exploits. Threat actors are increasingly leveraging legitimate tools in 'living off the land' (LOTL) attacks, while deepfake content and gen AI are accelerating attack development at scale.
The Guardz SMB Threat Report reflects findings derived from anonymized telemetry across Guardz-managed environments, covering hundreds of thousands of users worldwide. This includes detections from endpoints, emails, cloud accounts, and identity-related events, supplemented by the Guardz Research Unit's (GRU) threat hunting. To read the full report, visit the Guardz blog.