SonicWall has published its Informe Cyber Protect 2026 marked by the adoption of a new approach that leaves behind traditional reporting on threats to focus on the protection outcomes that matter most to business leaders. The report draws a worrying conclusion: the majority of SMEs fail not as a result of sophisticated attacks, but rather by committing seven predictable and avoidable failures that SonicWall has called the seven deadly sins of cybersecurity.
The 2026 report continues to draw on data from SonicWall’s global network of more than one million security sensors to reveal an increasingly precise and relentless threat picture. These are some of the key statistical takeaways:
- Attacks on web applications have dominated the threat landscape in Spain: 82% of all intrusion activity targets web infrastructure. The WEB-ATTACKS category generated 335.7 million detections—82.2% of all high/medium level activity recorded by Spanish IPS—through 1,112 unique signatures. Only three traversal variants of
directories produced 134.5 million detections, more than the entire IPS production of France or the United Arab Emirates. No other European market comes close to this concentration of web attacks, with the UK at 54.8% and Germany at 66%. Spain’s public-facing web infrastructure is under a systematic, sustained and technically diverse assault that requires urgent, layered defense. - Now, automated bots generate more than 36,000 scans per second for vulnerabilities, equivalent to more than half of all Internet traffic. Malicious bot traffic alone has increased to 37?% of all global Internet traffic.
- Spain registers the highest intensity of attacks per device of all the European countries analyzed, surpassing Germany (77,907), Italy (64,819), the United Kingdom (44,469) and France (37,072), and even surpassing the United States (90,626). Total IPS intrusion attempts have more than doubled year-on-year, increasing by 119.8% – the steepest increase of all European markets analyzed in 2025. Spain is not only under pressure; It is the epicenter of the intensity of the attacks in Europe.
“SonicWall data reveals that attacks are getting faster and, in some cases, a little more sophisticated,” said Michael Crean, Senior Vice President and General Manager of Managed Security Services at SonicWall. “However, the vast majority
Most of the attacks we are observing and investigating are based on fundamentals that continue to be overlooked. The danger is not that AI is not working, but that we are using it as an excuse not to do the things we know we should do..
SonicWall’s Cyber Protect 2026 Report is the first in the company’s history to focuses on protection results and not just threat statistics. In preparing this year’s study, SonicWall identified seven recurring patterns, which it has dubbed the Seven Deadly Sins, that consistently mark the difference between resilience and exposure in breach investigations, security assessments, and SMB incident reviews.
The Seven Deadly Sins of Cybersecurity
Rather than attributing the risk of breaches to exotic or emerging attack methods, the Cyber Protect 2026 Report identifies seven operational failures that repeatedly appear in investigations and which remain largely avoidable. The Seven Deadly Sins are:
- Ignoring basics — Weak authentication, unpatched systems, and excessive administrator privileges remain the primary attack surface.
- False Confidence — Believing your business is too small to be the target of an attack, overestimating the effectiveness of controls, and taking resilience for granted without testing it creates dangerous blind spots.
- Excessive access — Overly permissive rules, flat networks, and implicit trust behind authentication allow attackers to move freely through the network once they have gained access.
- Reactive security approach — Without 24/7 monitoring and proactive threat detection, attackers set the pace. On average, leaks are not detected until 181 days have passed.
- Security decisions motivated by costs — Postponing investments due to short-term budget pressures generates costs that arrive later — with interest. A single SME breach can exceed $4.91 million when downtime and recovery are included.
- Using legacy access models — VPNs that authenticate once and grant broad network access remain one of the most exploited entry points into enterprise security. VPN CVEs increased by 82.5% during the analyzed period.
- Prioritizing fads over execution — Buying the latest tools without fully implementing them and expecting technology to make up for the shortcomings.
SonicWall’s Cyber Protect 2026 report makes clear that the gap between protected and exposed is rarely down to technology alone. Depends on execution. This report is intended to help SMEs and the MSPs and MSSPs that protect them close that gap with data, clarity, and a roadmap of next steps.
More information and download | Informe Cyber Protect 2026 de SonicWall
