Some security related market reports.
Gartner has identified six key cybersecurity trends for 2025, focusing on the transformative effects of generative artificial intelligence, regulatory changes, and cybersecurity burnout. Generative AI is shifting data security priorities from traditional structured data to unstructured data like text, images, and videos. Additionally, as the use of machine accounts rises, organizations must develop comprehensive strategies for machine identity and access management. A survey by Gartner revealed that organizations manage an average of 45 cybersecurity tools, urging leaders to streamline their security controls. Furthermore, the integration of security behavior and culture programs is expected to reduce employee-driven incidents by 40 percent by 2026.
ConnectWise has released its 2025 Managed Service Provider Threat Report, revealing critical insights into the evolving cybersecurity landscape. The report highlights significant shifts in ransomware tactics, with an increasing focus on data extortion and attacks targeting smaller organizations. Notably, attackers are developing advanced techniques to evade endpoint detection and response systems, creating significant challenges for threat detection. The report also points to a resurgence of drive-by attacks, exploiting software vulnerabilities.
In a recent survey conducted by Calyptix Security Corp. and Information Technology Intelligence Consulting, 86 percent of small businesses identified security breaches as the top threat to their operations. The survey, which involved 715 small and mid-sized businesses, revealed that 49 percent are planning to increase their security budgets. Additionally, 75 percent of respondents believe that human error has left their companies vulnerable to security threats, and nearly 70 percent expressed concerns over remote employees’ lax security practices. The cost of downtime remains significant, with 37 percent of participants estimating that a single hour of downtime can cost between one thousand and five thousand dollars, while eight percent indicated costs could exceed twenty-five thousand dollars.
Guardz has revealed a troubling trend of “attack as a service” on the dark web, particularly targeting small businesses, which make up ninety percent of all businesses and contribute fifty percent to the world’s GDP. Hackers are offering access to vulnerable small business networks for as little as six hundred dollars, exploiting outdated security measures. The Guardz Research Unit found that over fifteen percent of dark web listings were offering access through known vulnerabilities, some dating back years. Additionally, they uncovered listings selling stolen credentials, with prices for access ranging from three hundred to one thousand eight hundred dollars. The research highlights that cybercriminals are increasingly using double extortion tactics, threatening to release sensitive data if ransom demands are not met.
A recent study by EasyDMARC reveals that while ninety-three percent of IT decision-makers plan to enhance their email security in response to rising artificial intelligence threats, many face significant implementation challenges. However, thirty-one percent cited the technical complexity of adopting DMARC, a key email authentication protocol, as a major barrier. Forty-three percent are seeking external assistance to bridge the expertise gap.
Why do we care?
The threat landscape is shifting faster than many organizations can adapt. Organizations don’t necessarily need fewer tools; they need better interoperability between them. MSPs should focus on platform-based security solutions rather than fragmented tool sets.
Many SMBs are increasing their security budgets, but without proper guidance, spending alone won’t solve the problem. MSPs should help clients prioritize security investments based on risk rather than just adding more layers.
43% of IT leaders are seeking external assistance for email security, which means MSPs that offer DMARC-as-a-service or email security consulting could benefit from a growing demand, although as an integrated part of selling security.
Finally, addressing cybersecurity burnout is crucial, as effective leaders are prioritizing both their own well-being and that of their teams.

