A new Sophos report reveals that over three-quarters of cyber incidents impacted small businesses in 2023, with ransomware being the biggest impact. The LockBit group had the highest number of small business ransomware incidents, at 27.59%. The report also highlighted evolving tactics used by ransomware operators, including an increase in remote encryption and targeting macOS and Linux operating systems. Over 90% of cyber-attacks reported by Sophos customers involved data or credential theft in some form, ranging from ransomware to data breaches. Nearly half (43.26%) of all malware targeting small and medium businesses (SMBs) last year focused on data theft, including password stealers, keyboard loggers, and spyware. Stolen credentials are used for social engineering attacks, service access, and sales. 2023 is expected to see an increase in information-stealing malware targeting macOS, with BEC compromises more common.