Two new reports have highlighted the growing threats facing small businesses online.
Rise in online breaches
One report, the 2025 Data Breach Investigations Report (DBIR) by Verizon Business, has revealed a surge in system breaches across the Asia-Pacific region. Malware accounted for 83 per cent of the breaches this year, and ransomware accounted for 51 per cent.
“This year’s report reinforces the growing complexity and persistence of cyber threats facing organisations worldwide. In the Asia-Pacific region in particular, external actors are targeting critical infrastructure and exploiting third-party vulnerabilities. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks,” said Robert Le Busque, regional VP Asia Pacific for Verizon Business.
The report also revealed an alarming rise in espionage-motivated attacks in the manufacturing and healthcare sectors, and persistent threats to the education, financial, and retail industries. It also noted that the median ransom payment to cybercriminals amounted to US$115,000, a significant amount for many small and medium-sized businesses (SMEs).
“Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64 per cent not paying vs 50 per cent two years ago. The glass-half-empty personas will see in the DBIR that organisations that don’t have the proper IT and cybersecurity maturity – often the SME sized organisations – are paying the price for their size with ransomware being present in 88 per cent of breaches,” said Craig Robinson, research VP, security services at IDC.
According to Verizon Business, educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness”
Bots derailing e-commerce traffic
Meanwhile, a report by application security and delivery solutions provider Radware found that automated bots – good and bad bots – accounted for 57 per cent of e-commerce website traffic during the 2024 holiday season.
The 2025 E-commerce Bot Threat Report found that bad bots made up 31 per cent of total internet traffic during the last holiday season and nearly 60 per cent of the malicious traffic that employed advanced behavioural techniques to evade traditional threat detection. Malicious bot traffic directed at mobile platforms also rose 160 per cent between the 2023 and 2024 holiday shopping seasons.
The report also noted that this was the first time that automated, non-DDoS generating bots drove more traffic than human shoppers, signalling a critical shift in the cybersecurity landscape for e-commerce providers and online retailers.
“Bad bots are no longer just based on simple scripts – they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defence,” said Ron Meyran, Radware’s VP of cyber threat intelligence. “E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”
The report pointed out that combating these bots requires sophisticated security strategies, including accurate AI-powered detection of attack patterns, including rotating IPs and identities, distributed attacks, Captcha farm services, and other advanced anomalies, without causing false positives.
