Skip to main content
TechnologyJul 17, 2026· 7 min read

AI Accelerates Attacks, SMEs Learn to Cope with Risk: ESET Threat Report and Cyber Readiness Index

AI Accelerates Attacks, SMEs Learn to Cope with Risk: ESET Threat Report and Cyber Readiness Index

Artificial intelligence has not yet produced a new generation of autonomous malware, but it has made existing attacks faster, more scalable, and harder to distinguish from legitimate interactions. This is the conclusion drawn from two studies presented by ESET in Milan on July 14: the Threat Report for the first half of 2026 and the SMB Cyber Readiness Index 2026, a survey conducted by the company involving 4,400 IT managers from small and medium enterprises, 500 of whom are in Italy.

AI as an Accelerator, Not a New Weapon

Between December 2025 and May 2026, ESET researchers analyzed nearly 900,000 AI skills—small functional components that indicate to an agent which tools to use and which data to access—identifying tens of thousands of suspicious instances and thousands of openly malicious ones. "This data shows a shift in nature rather than a change in type," explained Samuele Zaniboni, Manager of Sales Engineering at ESET Italy; AI has not created new types of malware but has accelerated known ones and lowered the level of expertise needed to launch an attack.

The most concrete innovation is PromptSpy, the first known Android malware that integrates generative AI into its execution code, using it to recognize the targeted device and decide how to attack it. The remainder of the findings confirms the same direction. The social engineering technique known as ClickFix, which exploits fake error messages to induce users to run a script, has expanded beyond fake CAPTCHA requests to AI-generated support pages and cloud authentication scenarios. Its variant, ConsentFix, targets token theft, abusing OAuth permissions to hijack cloud accounts without stealing credentials, often bypassing multi-factor authentication, with detections more than doubling between the latter half of 2025 and the first half of 2026. Phishing through QR codes, dubbed quishing, is also on the rise, reaching record levels and accounting for about 11% of phishing emails over the semester.

Ransomware perhaps offers the most significant data. Attacks continue to grow, but the share of victims willing to pay the ransom has hit historic lows, ranging between 14% and 28% according to cross-referencing from multiple industry sources. The reason, Zaniboni noted, is a greater maturity among companies: more effective backups, recovery tools, and the awareness that paying does not guarantee anything and often exposes them to a second attack. Attackers are countering with EDR killers, tools designed not to hide ransomware but to disable the detection and response (EDR) systems that are supposed to identify it, with ESET documenting over a hundred different variants in real-world contexts.

Perception and Reality in SMEs

The second part of the meeting shifted the focus from labs to the market. The SMB Cyber Readiness Index 2026, presented by Michal Jankech, Global Vice President Enterprise, SMB & MSP at ESET, illustrates an evolving attitude. Small and medium enterprises no longer view cyber attacks as rare events reserved for large organizations. 45% of surveyed companies reported experiencing an incident in the past twelve months, with 14% having faced more than one. Interestingly, those who have already suffered multiple breaches are the most confident in their ability to respond (81%), indicating that direct exposure leads to more realistic approaches.

The most delicate point is the gap between perceived and actual risk. While AI-generated malware dominates discussions at board meetings and in the media, real incidents continue to arise from known problems: phishing, weak credentials, unpatched systems, insufficient monitoring. Phishing remains the most common cause of incidents (26%), consistent with ESET telemetry, which shows that in 2025, 34% of threats belonged to this family. The practical impact of AI, Jankech clarified, today relates far less to autonomous malware and much more to the ability to generate more numerous and credible phishing campaigns, to the point that an email written by AI is now indistinguishable from one drafted by a human, and the same techniques allow for the cloning of voice and video to simulate a call from a CEO.

The situation is further complicated by unchecked AI deployment in businesses. Over 70% of organizations admit to using it for daily operations, yet 40% lack internal rules to limit shadow AI—the use of unauthorized tools that becomes a new attack vector.

In the Italian context, the survey reveals particular traits. Of the 500 SMEs involved, 8% reported having suffered more than one attack in the past year and 27% at least one, while 65% claim they have not experienced any or are unaware of such incidents. While 75% express confidence in their resilience, Italian companies remain among the most concerned in Europe, a contradiction that was the focus of discussions with the company's Italian leaders.

The Italian Knot: Aware but Not Ready

For Fabio Buccigrossi, Vice President of South West Europe Sales at ESET, and Samuele Zaniboni, this data must be interpreted in context. When asked, almost all companies claim to be secure, but just a few more targeted questions about after-hours monitoring, infrastructure type, and authentication reveal that this perceived security is often more of an illusion than reality. Awareness has grown, partly driven by the NIS2 directive, but compliance with regulations doesn't mean readiness to defend.

The problem is structural. Over the years, many SMEs have reduced their internal IT staff and now find themselves lacking the necessary vertical skills just as production lines—mostly managed by IT systems—become targets. Halting the production of a manufacturing company equates to blocking its revenue: an attack on a small manufacturer could lead to ransom demands of tens of thousands of euros, far exceeding the cost of adequate protection. This increases the role of partners and managed service providers (MSPs) called upon to cover what companies can no longer manage on their own.

Continuous monitoring remains a genuine challenge, as very few Italian companies monitor their networks 24/7, and equally few security operations centers can genuinely provide this service at sustainable costs for smaller organizations. On this front, ESET advocates for a different approach, with a console designed for MSPs that integrates managed detection and response services (MDR) into the relationship between the reseller and the end customer, rather than leaving them to a separate contract with the manufacturer.

However, the thread running through the entire meeting was culture. Security cannot just be sold as technology; it needs to be explained, and often the most challenging task for an IT manager is to justify increased spending to corporate leadership. This is why ESET has complemented its services with a training module, the Cybersecurity Awareness Training, built on phishing simulations that test users and guide them through a journey of awareness. This reflects a changing interlocutor because, alongside IT, human resources and management have begun to play a role.

In the background remains the issue of technological sovereignty. ESET, a privately controlled European company, has asserted its decision to develop its own AI models, without relying on platforms from large US groups, thanks to an investment of 40 million euros announced by CEO Richard Marko at ESET World 2026 and aimed at bolstering research, AI system security, and operational centers, including two new European SOCs. New prevention features, also focused on controlling AI agents and detecting shadow AI, are expected in products in the coming months. The sovereignty of data, as managers emphasized, is not a trend, but a confirmation of a path for a company that has always defined itself as European, a path now intensified by geopolitical tensions.

The growth of the Italian market also sets the stage for a change in the internal landscape. Launched in 2019 as a branch, ESET Italy now has around fifty employees and a turnover that has grown from about 3 million to 23 million euros, a result that has earned Buccigrossi an expanded role covering France, Spain, and Portugal. This expansion brings the same channel model tested in Italy across borders, where the real challenge, more than technological, remains to transfer a culture of security to a fabric of businesses that are only now learning to consider their data as an asset to protect.