- NordLayer Web-Based Threat Report 2026 found a gap between confidence and reality: 73% of businesses feel prepared, but 82% of them have experienced browser-based attacks.
- Malware harvested 1.8 million credentials and 68.8 billion cookies last year, with stolen logins enabling silent intrusions as reliance on SaaS increases.
- The researchers highlight browsers as the critical frontier and recommend strengthening controls and DLP to address coverage inequities and the increasing sophistication of web threats.
Most companies believe they are well prepared to deal with cyberattacks, but the number of successful breaches in the last year alone paints a different picture.
Earlier this week, NordLayer released a new report titled “Why Browser Security Can’t Wait: Web-Based Threat Report 2026.” In it, the company states that while 73% of organizations say they are prepared for web-based attacks and have confidence in their solutions, 82% of them have encountered some form of web-based attack.
The document is based on an analysis of the 504 “top-rated and most-reviewed job applications,” an analysis of data stolen from various information thieves, and a survey of 405 U.S. cybersecurity and IT professionals.
Hackers no longer hack
NordLayer highlights that coverage is “modest and uneven,” with data loss prevention (DLP) tools leading the way at just 53%, followed by other security controls. Nearly all IT professionals said their organization is concerned about web-based threats (98%), and most expect it to escalate. In fact, 81% expect greater sophistication and 73% think there will be more incidents in the coming years.
“There is a clear gap between recognizing the threat and knowing how to deal with it,” says Buinovskis. “Concern is high, but awareness of which controls actually address browser-specific risks is low. Much of the initial confidence likely comes from having general security controls in place, but they rarely adequately cover risks in the browser.”
The researchers also highlighted that 100% of the apps tested were browser-accessible and almost four out of five (78.8%) were browser-only. At the same time, malware managed to harvest 1.8 million credentials and 68.8 billion cookies last year.
“Hackers don’t hack anymore, they just connect,” says Buinovskis. “Stolen cookies and credentials ensure immediate access without raising alarms: a connection appears legitimate. It’s low risk, high reward, and as reliance on web-based SaaS increases, so does the value of stolen data. Attackers will continue to exploit this until organizations secure the browser as a critical boundary.”
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
