- Proton recorded 794 major breaches in 2025, exposing over 306 million records
- 71% of violations small and medium-sized businesses affected
- Proton urges startup founders to ‘build privately’
If you’re a startup founder, you might think your business is too small, too new, or too obscure to attract the attention of cybercriminals. You would also be wrong.
According to a new report from Swiss privacy giant Proton – the provider behind one of the best VPN and secure messaging services – start-ups are becoming a prime target for hackers.
Data from Proton’s Data Breach Observatory reveals that 794 significant breaches occurred in 2025 alone, exposing a staggering 306.1 million records. While large companies often make headlines, Proton found that 71% of breaches actually affected small and medium-sized businesses.
The “too small to hack” myth is dead
Cybercriminals seek the path of least resistance and, increasingly, that path leads to small businesses that hold valuable intellectual property (IP) but lack the dedicated security teams of a Global 500 company.
The report identifies a dangerous mindset among European entrepreneurs: prioritizing speed over security.
“In startup circles, ‘speed wins’ and security can be seen as a barrier to that speed. This can result in crucial steps being missed when securing a business,” said Patricia Egger, Head of Security at Proton.
The report highlights that access is often the first target. Nearly half (49%) of detected breaches involved compromised passwords. For a small team using shared logins on Slack or saving credentials in browsers, a single mistake can hand the keys to the entire kingdom to a malicious actor.
Proton’s report cites sobering examples from 2025, including PhoneMondo, a five-person team in Germany that saw more than 10.5 million records exposed, and Tracelo, a US-based tracking app that leaked 1.4 million records. In both cases, the size of the company did not protect the enormous amount of customer data it held.
As most SMEs are not prepared to survive a major cyberattack, the consequences, ranging from GDPR fines to complete loss of consumer trust, can be fatal for a young business.
How to “Build Privately”
To combat this, Proton urges startups to “build private.” This initiative pushes founders to build privacy into their operations from day one, rather than maintaining it after a breach.
Proton COO Raphael Auphan notes that while consumers understand privacy, it can be harder to convey it to startup founders when widely adopted big tech tools prioritize speed.
“I can’t stress enough to founders and business owners the importance of taking a pause to make the conscious choice to ‘build private,’” Auphan adds.
If you run a small business, Proton’s report suggests three essential controls to prevent you from becoming a statistic in 2026:
- Eliminate reusable credentials: Stay away from shared passwords. Use access keys or a dedicated password manager to generate unique and strong logins. Apply multi-factor authentication (MFA) everywhere.
- Block your access: Don’t let every employee have access to every file. Centralize your paths using professional VPNs to create a single private gateway. This ensures that even if one device is compromised, the attacker cannot move laterally across your entire network.
- Encrypt everything: Encryption doesn’t stop attacks, but it makes stolen data useless. Make sure your email, cloud storage, and calendar tools use end-to-end encryption so only you hold the keys.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
