That number comes from the Guardz 2026 State of MSP Threat Report, released last week. Researchers monitored real SMB environments over six months. At any given moment, nearly 9 out of 10 businesses had at least one employee with a confirmed credential compromise. One in three users had an exposed password every single month.
That’s not a prediction. That’s a measurement of what’s happening right now inside businesses like yours.
Here’s what makes this worse: attackers aren’t just stealing passwords anymore. Session hijacking, where a criminal grabs your active login session and bypasses your password entirely, jumped 23% over just 180 days. Multi-factor authentication doesn’t stop this. If someone swipes your session token after you’ve already logged in, MFA already did its job. It has nothing left to block.
The same report found that Business Email Compromise losses ranged from $140,000 to $1.5 million per incident. A year ago, the average BEC loss was around $40,000. That number has ballooned fast.
So what does a compromised credential actually look like in practice?
An employee gets a phishing email. They enter their Microsoft 365 login on a convincing fake page. The attacker now has their username and password. They log in quietly, watch email threads for weeks, wait for an invoice or a wire transfer conversation, then step in at exactly the right moment and redirect the payment.
No ransomware. No drama. Just a wire that went somewhere it shouldn’t have.
The hard part is that most businesses wouldn’t know this was happening. Credential theft doesn’t set off alarms. It doesn’t crash systems. It just quietly gives someone else the keys.
The first step is knowing whether your credentials are already out there, and whether your current setup would catch them if they were.
That’s exactly what our Cyber Liability Scan looks at. It checks your external exposure, flags compromised credentials tied to your domain, and tells you where the gaps are in plain language. No jargon, no sales pitch, just a clear picture of where you stand. Contact us here: https://www.rstechnology.net/contact-us/
