bizpain.org EN|HE
Home/ Retail & commerce/ SMB cyber-attack cliff — Israel
Retail & commerce · Israel · Cybersecurity

State-grade attackers. Corner-shop budgets.

In 2025 the Israel National Cyber Directorate (INCD) issued roughly 2,480 alerts, two and a half times the 2024 count, while its 119 emergency cyber line logged about 26,500 incident reports, up 55% year-on-year. Phishing was 52% of the vectors. Most of the calls came from Israeli small and mid-sized businesses (SMBs) with no full-time security staff, no multi-factor authentication, and no incident-response retainer.

01The pain

Three thousand six hundred and fifty incident reports landed in Israel's 119 emergency cyber line in June 2025 alone, 75% above the monthly average. Across that year the Israel National Cyber Directorate (INCD) issued roughly 2,480 alerts, 2.5 times the 2024 count, while the 119 hotline logged about 26,500 reports, up 55% year-on-year. Phishing accounted for 52% of the vectors. Most of the calls came from shopkeepers and dispatchers with no full-time security staff.1,2

The pain concentrates on Israel's small and mid-sized businesses (SMBs). A joint study by Marsh and Northwave flagged a strategic shift by ransomware crews toward Israeli SMB targets in information-technology services, retail, construction and logistics; the average European ransom now sits at roughly €172,000, around 2% of victim revenue. A March 2026 password-spraying campaign, reported by TheHackerNews and attributed to Iran-linked operators, hit more than 300 Israeli Microsoft 365 tenants in three waves. Only about 17% of small Israeli businesses carry any cyber-insurance cover.3,2

A Petah Tikva electronics shop, a Beer Sheva logistics dispatcher, a Holon solo law office — all face attacks calibrated for state-grade adversaries on corner-shop budgets. No in-house security operations centre, no multi-factor authentication on most accounts, no retainer with an incident-response firm. The 119 line answers. The bill arrives later.1

26,500 incident reports in 2025, up 55% year-on-year.1
"2025 has further demonstrated that in cyberspace there is no 'ceasefire' and that cyber is a central strategic front in national security." — Yossi Karadi, Head of the Israel National Cyber Directorate, INCD 2025 Cyber Threats Report (Israel Defense, March 2026)

Further reading

  • 1 Israel Defense — INCD 2025 Cyber Threats Report: 2,480 alerts, ~26,500 incident reports to the 119 emergency line, phishing at 52% of vectors, June 2025 spike during the Iran operations (English): israeldefense.co.il
  • 2 The Jerusalem Post — INCD on Iran-linked targeting of Israeli IT-service providers and SMBs; Marsh / Northwave reporting on the European ransom average and the strategic ransomware shift (English): jpost.com
  • 3 The Hacker News — March 2026 password-spraying campaign reported against 300+ Israeli Microsoft 365 tenants in three waves, attribution reported as Iran-linked (English): thehackernews.com
Ad · rail 1
Your banner here
€20/ month
A Petah Tikva electronics shop spent 19 hours after its accountant's mailbox was phished trying to find someone who knew what multi-factor authentication actually was. A Holon solo lawyer is shopping for a managed-detection retainer this month. Buy the slot next to them.
Israel National Cyber Directorate, 2025: 2,480 alerts. The 119 hotline: 26,500 calls. Your ad: zero alerts, one customer.
Buy this ad slot →
PayPal subscription · Cancel any time · 1-month minimum
Ad · inline 1
Your banner here
€20/ month
Selling a Hebrew-console managed-detection-and-response bundle, an automated multi-factor-authentication rollout for Microsoft 365, an Israeli incident-response retainer under NIS 1,000 a month, or a one-day digital-forensics-and-incident-response (DFIR) clinic for shopkeepers? Your buyers are on this page right now.
Banner size: bigger than a phishing payload. Also harder to click on by accident.
Buy this ad slot →
PayPal subscription · Cancel any time · 1-month minimum

02Who solves this today

Three Israeli-rooted vendors that publicly self-market cybersecurity to small and mid-sized businesses or that ship a dedicated SMB product line. Each was checked live on the date of writing with a verbatim homepage marketing quote. The list is intentionally narrow.

Cynet
Israeli-founded all-in-one cybersecurity platform with a 24×7 managed-detection arm. Homepage names the offer: "CyOps 24x7 MDR security experts work as part of your team, ensuring no threat is missed."
cynet.com
Check Point Quantum Spark
Israeli-headquartered Check Point's small-business firewall line. Product page names the SMB pitch: "Check Point Spark next-generation firewalls deliver AI-powered threat prevention performance of up to 3.25 Gbps with a 99.9% malware block rate."
checkpoint.com
Sygnia
Israeli-rooted incident-response and managed-detection firm. Homepage names the offer: "Defeat attackers and restore your normal business operations with confidence." 24×7 responders, MDR via the Velocity platform.
sygnia.co

Listed providers publicly market cybersecurity to Israeli SMB or mid-market buyers on their own front pages, verified by live fetch on the date of writing. Inclusion is not endorsement. Adjacent Israel-active vendors were considered and excluded — CyberHat (cyberhat.com) returned a connection-refused error (ECONNREFUSED) on every attempt and could not be verified, so it was dropped pending a re-check; Comsec (comsec.co.il) returned a connection-refused error (ECONNREFUSED) and was dropped pending a re-check; CYE (cyesec.com) returned HTTP 200 but the homepage emphasised enterprise-grade exposure-management for "industry leaders around the globe" without a small-business or SMB surface, so it was dropped per the named-niche-on-homepage rule; Pentera (pentera.io) returned HTTP 200 but the homepage pitched automated security validation to mid-market and enterprise security teams without an SMB surface, so it was dropped; Radware (radware.com) returned HTTP 200 but the homepage pitched cloud DDoS protection and an MSSP partner programme without a direct SMB surface, so it was dropped. The Israel National Cyber Directorate, the 119 emergency line, the Jerusalem Post, Israel Defense, The Hacker News, Marsh and Northwave are referenced in section 01 as institutional / trade-press citations rather than homepage-self-marketed solution providers.

Help us improve this page

Report a mistake — or suggest a new solution

Spot a wrong number, dead source link, missing aspect, broken translation? Or know a vendor we should list as a solution? Tell us. The Director re-checks every report and either updates the page or writes back with a reason.

No tracking. We don't put your email on a list. See privacy policy.

Listed companies — manage your entry. If you are one of the providers above and anything here is wrong, missing, or out of date — or you'd rather not be listed — write to us. Removal within 24 hours; corrections within 7 business days. We do not contact listed companies first; we publish what your own public marketing claims and respond when you reach out. Email contact@aikraft.com.

Ad · rail 2
Your banner here
€20/ month
No middlemen, no auction, no algorithm. Cancel any time.
We will personally email you when your banner goes live. We are that bootstrapped.
Buy this ad slot →
PayPal subscription · Cancel any time · 1-month minimum