Showing posts with the label SMB

Your Password Policy Isn't Protecting You. Your Employees' Habits Are.

Thought Leadership · Credential Risk · May 2026 · 8 min read

94% of leaked passwords are reused or duplicated. Employees reuse the same password an average of 13 times. And by 2026, nearly half of all successful cyberattacks on SMBs will originate from credential reuse. Most businesses have a password policy. Almost none have visibility into whether anyone follows it.

Think about the password you use for your personal email. Now think about whether any of your employees use that same password — or a variation of it — to log into your business systems. You don't know. And that uncertainty is the problem. In 2024, a security researcher analyzed 19.03 billion leaked passwords from breach databases and found that only 6% were unique. The other 94% had been used before — on another account, at another company, in another breach. Every one of those reused credentials is a master key that attackers test systematically...

What Happens to Your Data When an Employee Quits — Most SMB Owners Never Find Out

Thought Leadership · Insider Threat · May 2026 · 8 min read

The moment someone gives their notice, a clock starts ticking. 70% of IP theft happens within 90 days of a resignation. Most small businesses don't know what their departing employees took, what access they still have, or what the next employer just inherited. Here's what the data says — and what to do about it.

In March 2025, a research scientist at Yahoo received a job offer from a competitor. Within minutes of accepting it, he downloaded approximately 570,000 pages of proprietary information to his personal devices. Intellectual property, research data, competitive intelligence — files he had legitimate access to right up until the moment he decided to leave. By the time Yahoo's security team identified the exfiltration, the data was already gone. This case made headlines because Yahoo is a known company. But the same pattern — a departing employee, a ...

Medieval Castle Architects Invented Cybersecurity 800 Years Ago. Is Your Business Using Their Playbook?

Thought Leadership · Defense in Depth · April 2026 · 8 min read

Moats. Drawbridges. Portcullises. Murder holes. The architects of medieval castles invented layered defense-in-depth centuries before the first computer existed — and the principles they built in stone map almost perfectly to the security posture every small business needs today.

In the 13th century, the architects of Caernarfon Castle in Wales planned the King's Gate to require any visitor to cross two drawbridges, pass through five heavy doors, and pass under six portcullises — with murder holes in the ceiling and arrow slits on both walls the entire way. Though the gatehouse was never fully completed as originally designed, the intention was unambiguous: an attacker who breached the outer moat still faced the gatehouse. An attacker who forced the gatehouse still faced the portcullis. An attacker who bypassed the portcullis still faced scalding water from ab...

Nation-State Actors vs. Independent Hackers: What Actually Puts Small Businesses at Risk?

For most small businesses, the biggest cyber risk is not a foreign intelligence service targeting them directly. It is the broader cybercrime economy using phishing, credential theft, business email compromise, ransomware, and supply-chain weaknesses at scale.

Small and midsize businesses often hear headlines about nation-state cyber actors, advanced persistent threats, and geopolitical cyber campaigns. That can create the impression that the main cyber question is whether a foreign government is interested in your business. For most SMBs, that is the wrong question. The more practical question is this: what does your business expose that criminals can exploit quickly, cheaply, and repeatedly? Microsoft’s 2025 Digital Defense Report says the vast majority of cyberattacks are carried out by cybercriminals, not nation-state actors, and that only 4% of incidents with known motivation were driven by espionage.

Why the distinction matters

There i...

SMB AI Cyber Safety Toolkit: How to Avoid Falling Prey to AI-Powered Scams and Data Mistakes

Artificial intelligence is making everyday work faster, easier, and more productive. It is also making cybercrime more convincing. That is the reality individuals, families, and businesses now face. AI can help people brainstorm, write, research, and automate tasks. But the same technology can also be used by scammers and cybercriminals to clone voices, create deepfakes, generate persuasive phishing messages, and trick people into exposing sensitive information or sending money. The good news is that you do not need to become a cybersecurity expert to protect yourself. You do need a smarter toolkit. Think of this post as exactly that: a practical AI cyber safety toolkit for avoiding the most common ways people fall prey to AI-powered threats.

Why This Matters Right Now

The concern is already widespread. The 2025 Oh Behave findings cited in the AI and Data Privacy tip sheet say that 65% of people are concerned about AI-related cybercrime, and 58% have not recei...

Cybersecurity Is Becoming an Insurance Requirement for SMBs

For many small and midsize businesses, cyber insurance used to feel like a financial backstop. If something bad happened, the policy would help absorb some of the damage. That mindset is changing. Cyber insurance is increasingly becoming something more than a safety net. It is becoming a signal of whether a business has put basic security controls in place at all. In other words, cybersecurity is no longer just an IT best practice for SMBs. It is increasingly tied to whether a business can qualify for coverage, what that coverage may cost, and how exposed it may be when a real incident happens.

Why Insurers Care More Than Ever

Insurers are not asking about multifactor authentication, backups, identity controls, and employee awareness out of curiosity. They are asking because the threat landscape has made those controls hard to ignore. Verizon’s 2025 Data Breach Investigations Report found that third-party involvement in breaches rose to 30% and that exploi...