Attacks Are Evolving: 3 Ways To Protect Your Business In 2026
Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable payday.
But in 2025, the data breaches that affected small and medium-sized businesses (SMBs) challenged our perceived wisdom about exactly which types of businesses cybercriminals are targeting.
This article will outline the learnings from key data breaches in 2025 as well as the most effective ways for SMBs to protect themselves in the coming year.
Prior to 2025, large businesses were popular targets for hackers because of their large pools of resources. It was assumed that smaller businesses simply weren't as vulnerable to cyberattacks because there was less value in attacking them.
But new security research from the Data Breach Observatory shows that's changing: Small- and medium-sized businesses (SMBs) are now more likely to become a target. This change in tactic has been caused by large businesses investing in their cybersecurity and also refusing to pay ransoms. Cybercriminals are less likely to extract anything of value by attacking these businesses, so instead they're turning to attacking smaller businesses.
While the payday may be smaller when attacking SMBs, by increasing the volume of attacks, cybercriminals can make up the shortfall. Smaller businesses have fewer resources to protect their networks and thus have become more reliable targets. Four in five small businesses have suffered a recent data breach.
By examining some of these data breaches and the companies they affected, a pattern emerges, and failings can be identified. Here are three key SMB data breaches from 2025:
Looking at these particular breaches and taking into account the wider data breach landscape, we can identify trends that shaped 2025:
With these trends in mind, it's likely that hackers will continue targeting SMBs in the new year. If your organization falls into this category, your risk of a data breach could be higher.
It's not inevitable, however. By considering your business's sensitive data, how it's stored, and what you use to protect it, you can secure your organization.
Source: The Hacker News
