SMBs, manufacturers are the most vulnerable to cyberattacks, Verizon report finds
Key Highlights
- Verizon’s 2026 report shows SMBs and manufacturers are the most frequent ransomware victims, facing rising attacks driven by financial motives, exploitation and a 240% surge in vulnerability‑based intrusions.
- Manufacturing remains one of the top‑targeted sectors while 96% of known ransomware victims were SMBs, which struggle due to limited resources and slow patching cycles.
- Attackers increasingly rely on system intrusion, social engineering, and new tools like "password dumpers," while third‑party breaches continue to rise.
Small and medium-size businesses and manufacturing as a whole experience more ransomware attacks and cybersecurity breaches with fewer resources to combat them, according to Verizon’s 2026 Data Breach Investigations Report.
The report, based on 22,000 confirmed data breaches in 145 countries worldwide, concludes that cybercriminals continue to find zero-day and critical vulnerabilities, are deploying GenAI to improve their attack tools, and have become increasingly complex with their social engineering schemes.
Cybercrime has not changed much since last year’s report in terms of targets or what motivates cybercriminals, Verizon said, but cybersecurity standards to protect against attacks and manage breaches if they occur haven’t changed, either.
Manufacturing in the cybersecurity spotlight
According to most reports, manufacturing tops the list of sectors that are vulnerable to cyberattacks. One study found that in 2025, manufacturing, specifically in the U.S., was the sector most heavily impacted by ransomware.
Verizon’s own 2026 data breach report cites the following top three business sectors for number of incidents and confirmed attacks with stolen data:
- Financial and insurance: 3,809 incidents, 1,300 confirmed attacks with stolen data.
- Manufacturing: 3,627 incidents, 2,713 confirmed attacks with stolen data.
- Public administration: 3,634 incidents, 2,410 confirmed attacks with stolen data.
The No. 4 most targeted sector, educational services, suffered 1,302 incidents with 1,252 confirmed attacks involving stolen data, so the dropoff after the top three is steep, according to the Verizon report.
According to the report, the primary motivation for cybercriminals to target manufacturers was financial in 87% of cases, with espionage following at 15%. By comparison, cybercriminals had financial motivations to attack the health care sector in 99% of cases and the financial and insurance sector in 98% of cases. Espionage motivated 33% of attacks against the public administration sector and 21% of attacks against the educational services sector.
SMBs suffer greater ransomware risks
SMBs face the same cybersecurity challenges as large businesses. The identities of the common threat actors, what they’re after and the tools they have at their disposal remain the same no matter what the target organization’s size.
When Verizon has data on the size of an organization that suffered a ransomware attack, 96% of the victims were SMBs, and cybercriminals targeting SMBs are driven 100% by financial motivations.
The report found that the fewer resources a business has to throw at cybersecurity, the more likely it is to be successfully hacked and/or be unable to mitigate the effects of a breach.
According to the report, the top three attack types for cybercriminals in 2025 were:
- System intrusion (61%)
- Social engineering (17%)
- Basic web application attacks (10%)
In a system intrusion, cybercriminals use malware, stolen credentials and exploits of vulnerabilities in legitimate software, among other methods, to break your security and gain wide access to your systems. Basic web application attacks also depend on detecting and exploiting vulnerabilities.
The number of incidents involving cybercriminals taking advantage of software vulnerabilities increased by 240% since last year, according to the 2026 Verizon DBIR.
Scott Miserendino, vice president of engineering, cyber at DataBee, a Comcast company, said that vulnerability exploitation is the front door for cybercriminals and that IT’s software patches can’t keep up.
“Organizations are facing a growing backlog of critical vulnerabilities, with only 26% fully remediated and a median remediation time stretching to 43 days. The gap here isn’t awareness; it’s operational execution. Security teams don’t lack vulnerability data; they lack the ability to prioritize, coordinate, and act on it at scale across fragmented environments,” Miserendino said.
Social engineering still popular while ‘password dumping’ rises
Social engineering, roughly defined as tricking people into giving up their login credentials with tools such as phishing emails, has become more challenging for cybercriminals but is still popular among them. Phishing, according to the 2026 Verizon report, represented 80% of all email-based attacks in 2025.
Cybercriminals have had to increase the sophistication of their social engineering-based attacks. Of those, 41% used something other than email, such as social media and text messaging, the report found. Hackers even go as far as masquerading as help desk employees and attempting to gain access to credentials over the phone.
The 2026 Verizon DBIR also for the first time lists password dumpers as an attack tool used by cybercriminals. These tools steal usernames and passwords without going through login screens, attacking operating systems and memory directly.
The risk of third-party data breaches also continues unabated. The number of breaches involving third parties increased by 60% since last year, now accounting for 48% of total breaches.
Responses to attacks
Verizon found that organizations paid less in 2025 to unlock their data, with the average ransomware payment coming in at $139,875, versus $150,000 in 2024 and $177,614 in 2023. The percentage of organizations that did not pay ransoms at all rose to 69%, a 4% year-over-year increase.
The report suggests these improving statistics are due to organizations being better prepared for and more resilient to cybercrime than in years past.
To keep the trend going, experts have advised organizations to continue employing cybersecurity fundamentals, such as training employees to account for the inclusion of social media and text messaging as phishing platforms and how to identify suspicious requests for login credentials.
Additionally, IT departments have to patch critical vulnerabilities faster and organizations need to hold third parties accountable for their own cybersecurity hygiene.
“Looking ahead, this challenge is likely to intensify. Emerging cyber-focused AI models … have the potential to dramatically accelerate vulnerability discovery and lower the barrier to exploitation. Even before broad availability, it’s reasonable to expect that attackers will gain access to similar capabilities, enabling them to uncover undisclosed vulnerabilities faster and weaponize them with far less expertise,” Miserendino said.
Finally, organizations must have a reaction plan for data breaches. The sooner an organization detects and mitigates a breach, the more likely it is to avoid a ransomware demand or worse.
"Organizations that can reliably answer who owns what, and ensure those owners are accountable for timely patching, will be far better positioned to reduce risk, even as attacker capabilities accelerate," Miserendino said. "In other words, while the threat landscape is evolving rapidly, the winners will be those who can operationalize the fundamentals with greater precision, speed, and accountability."
About the Author
Dennis Scimeca
Sarah Mattalian
Staff Writer


