So much security news, and in particular, a lot of data.
Cybercrime is projected to become the world’s third-largest economy, costing an estimated $12.2 trillion annually by 2031, according to the Huntress Cyber Threat Report. The report reveals that organized cybercriminals have evolved their tactics, utilizing legitimate remote monitoring tools to facilitate attacks, which surged by 277% in the past year. The average time-to-ransom has risen to 20 hours as attackers prioritize stealth and data theft.
Acronis has released its biannual report on cyber threats, revealing email-based attacks rose by 16% per organization and phishing was responsible for 83% of all email threats in the latter half of 2025. Furthermore, advanced attacks on collaboration platforms surged from 12% to 31%.
WatchGuard Technologies reveals a staggering 1,548% increase in unique malware detections on endpoints during the second half of 2025, despite an overall 4.6% decline in total malware volume.
Ransomware attacks targeting the IT and food sectors have significantly increased, with the IT sector experiencing nearly 750 incidents in 2025, more than doubling the previous year. According to the Information Technology Information Sharing and Analysis Center, these attacks represent almost 12% of all recorded ransomware incidents.
Rocket Software reports 69% of IT leaders cite data security as their top modernization concern, yet only 25% believe their infrastructure is ready for AI workloads.
Cybersecurity provider Vectra AI has released its 2026 State of Threat Detection and Response Report, revealing 63 percent of daily security alerts remain unaddressed, and only 58 to 60 percent of organizations report full visibility across their systems.
A new report by N-able, Inc. and The Futurum Group highlights that 62% of mid-market organizations have observed an increase in AI-driven phishing and deepfake scams. A recent report from LevelBlue reveals 51 percent of CIOs anticipate AI-powered attacks within the next year, yet only a third believe their organizations are prepared to manage these threats.
Why do we care?
Every one of these reports comes from a vendor. That doesn’t make them wrong — it makes them shaped. The $12.2 trillion cybercrime economy number is a modeled extrapolation, not a measured figure. The 1,548% malware increase from WatchGuard sounds catastrophic until you read the fine print: total volume dropped. Attackers are running smaller, custom campaigns specifically to evade the signature-based tools most MSPs are still deploying. Together, that means the threat is getting more sophisticated while many MSP stacks remain signature-driven.
A phishing foothold becomes cross-client access the moment your RMM is the pivot point.
That’s not a client getting breached. That’s a client getting breached through your tools. The legal exposure, the reputational damage, the client loss — all of it lands on you. And the Vectra data showing 63% of alerts going unaddressed tells you the industry-wide response infrastructure isn’t built to catch it in time.
If your RMM stack or Copilot deployment becomes the breach vector, the real test won’t be whether the vendor patches it — it will be whether your controls, documentation, and alert response practices stand up to an insurance carrier arguing you failed to maintain “reasonable security.” The MSPs who treat this as sales enablement will miss the audit that protects them.

