Kaseya has released its 2026 Kaseya Cybersecurity Outlook and its 2025 Global IT Trends and Priorities Report. Based on surveys of Managed Service Providers (MSPs) and their small and medium-sized business (SMB) customers worldwide, the reports reveal the latest trends, challenges and expectations in the industry, from shifting budgets and gaps in cybersecurity readiness to organisations’ priorities for the year ahead.
Some of the key findings include:
One in five businesses suffered losses of 100,000 USD or more after a security breach.
Cyber failure is costly – as we have seen in recent breaches, they can bring business operations to a grinding halt. A staggering 37% of businesses reported losing a full day or more to downtime following an incident. Additionally, 18% of businesses suffered financial losses of $100,000 or more. Against this background, the readiness of businesses to deal with incidents is concerning: Only 40% of surveyed organisations have a regularly tested, formal incident response plan.
Businesses still fail to carry out essential penetration tests and real-time threat monitoring.
Around 15% of businesses have no real-time threat monitoring in place. And, while 76% of businesses conduct annual penetration tests, nearly one in four remain inconsistent or skip testing entirely. Cost remains the leading barrier. For MSPs, however, pen testing is a profitable opportunity, with almost half reporting margins above 20%.
AI is not yet widely deployed in cyber defences, with trust barriers holding adoption back.
A notable 18% of businesses still don’t use AI to enhance their security posture. When they do, AI is most widely applied in email security (49%), enhanced endpoint protection (34%), and threat detection and anomaly identification (32%). Only 12% of businesses fully trust AI to act autonomously. Accuracy and data privacy are amongst the key concerns slowing adoption.
Humans continue to be cybersecurity’s weakest link.
The No. 1 vulnerability remains human error, driven by poor user practices and inadequate training, making it the most feared threat vector for the next 12 months. With this, phishing remains the most damaging and persistent cybersecurity challenge. It has affected more businesses than any other type of attack, with 56% impacted to date and nearly half (49%) within the past year alone.
However, IT leaders are focused on security and business continuity.
In Kaseya’s global trends report, cybersecurity topped the list as both the most cited challenge (49%) and the leading investment priority (52%). Backup and recovery followed closely behind, indicating that organisations of all sizes are preparing to bounce back faster when things go wrong.
These are only some of the findings – both reports delve much deeper into what keeps MSPs and their customers up at night.
