LastPass and Dr. Chase Cunningham empower growing businesses to prioritize cybersecurity with a practical, research-backed roadmap
Today, LastPass announced the release of the Cyber Resilience Playbook: From Cyber Risk to Resilience in 2025, a strategic guide designed to help emerging and mid-sized businesses strengthen their cybersecurity posture. Authored by renowned cybersecurity expert Dr. Chase Cunningham (“Dr. Zero Trust”) and commissioned by LastPass, the playbook is based on insights from over two dozen leading industry reports and offers a clear, actionable framework tailored for organizations with limited resources and lean security teams. In an era defined by artificial intelligence (AI) and automation, cybercriminals are scaling attacks with unprecedented ease—making it critical for smaller companies to proactively harden their defenses and move beyond outdated notions of ‘security by obscurity.’

LastPass and Dr. Chase Cunningham unveil the Cyber Resilience Playbook — a practical guide for growing businesses, distilled from 26+ expert reports.
“Smaller businesses are waking up to the reality that they’re caught in the crosshairs of the dangerous digital landscape, whether they want to be or not,” said Dr. Chase Cunningham. “As enterprises become harder to breach, hackers are using AI to scale their efforts and go after easier wins. The tactics haven’t changed; just the targets.”
What’s inside the cyber resilience playbook
To help small and mid-sized businesses take action, the playbook includes:
- Key insights across major security studies in 2024–25 to identify trends and threat patterns
- A practical maturity model to assess current security posture and next steps
- A resilience scoring system to gauge preparedness
- A tailored action plan designed specifically for companies with lean teams and limited resources
“As attacks become increasingly widespread, smaller businesses need to center on cyber resilience strategies all the more,” said Alex Cox, Director, Threat Intelligence, Mitigation, Escalation (TIME) team at LastPass. “Poor password practices remain the easiest entry point for attackers to sidestep traditional malware defenses and move through networks undetected. The findings from Dr. Zero Trust further underscore the importance of password management and its measurable ability to reduce breach likelihood and promote business continuity.”
Cyber threats every growing business should know about
By understanding the threat landscape facing growing and small businesses, these organizations can identify their highest-risk areas and prioritize their cybersecurity investments effectively. Research from the Cyber Resilience Playbook shows that emerging to mid-size businesses increasingly face threats such as:
- Rampant ransomware attacks: When broken down by company size, ransomware was present in 88% of breaches affecting emerging and mid-sized companies, compared to just 39% of breaches in large enterprises, according to Verizon.
- Credential theft and “malware-free” attacks: As technology becomes more advanced, threat actors have persisted in stealing or abusing credentials, making traditional malware unnecessary as a primary attack vector. In fact, CrowdStrike found that 79% of the intrusions it detected in 2024 were “malware-free,” meaning attackers were accessing networks with readily available credentials.
- Social engineering surges: Verizon’s 2025 Data Breach Investigations Report highlights that humans also remain a favored entry point for many attackers, with social engineering accounting for about 60% of breaches. Specific scams, such as business email compromises (BEC) and pretexting — where attackers impersonate trusted parties — appear to hit small companies with weaker defenses harder than large enterprises.
Other attack methods, including exploitation of vulnerabilities, shadow application issues, and third-party supply chain risks, further emphasize that emerging and mid-sized companies need to defend against a range of high-impact threats.
This new research underscores the urgency for smaller businesses to prioritize cyber hygiene as a core business function. By equipping themselves with the right knowledge and tools, companies can shift from being easy targets to building a foundation of resilience and trust with their customers and stakeholders.
- To download the full Cyber Resilience Playbook and access additional materials including a fireside chat with Dr. Chase Cunningham and Alex Cox, click here.
- Register here for the pair’s second webinar on October 30.
About LastPass
LastPass is a leading identity and password manager, making it easier to log in to life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals. With LastPass, important credentials are protected and private – and always within reach. Learn more via www.lastpass.com and follow us on LinkedIn, X, Instagram, and Facebook.
Who should use the Cyber Resilience Playbook?
This playbook is designed for:
- Small and mid-sized businesses (SMBs)
- Lean IT and security teams
- Business leaders seeking to prioritize cybersecurity
- Organizations with limited budgets and minimal incident response capabilities
How does the playbook help improve cyber resilience?
The playbook helps businesses:
- Assess their current security maturity
- Score their resilience using a structured index
- Identify gaps in credential management and threat response
- Implement best practices for password hygiene, MFA, and zero trust
What is the Cyber Resilience Index?
The Cyber Resilience Index is a scoring system included in the playbook that allows businesses to:
- Benchmark their cybersecurity readiness
- Track progress over time
- Prioritize investments based on risk exposure
How can small businesses improve cybersecurity in 2025?
- Build a cybersecurity checklist that includes Identity and Access Management (IAM), vulnerability management, and strong backup and recovery strategies to guide resilience efforts.
- Implement enhanced security training to reduce human error and raise awareness across the organization.
- Develop incident response planning to ensure quick, coordinated action during a breach.
- Adopt a password manager, such as LastPass, to seamlessly secure company credentials.
All of these measures support security posture improvement without a big budget, making them ideal for small and mid-sized businesses.
What does zero trust mean for mid-sized companies?
- Zero trust architecture is built on the principle of “never trust, always verify.”
- Requires continuous identity verification and strict access controls for every request.
- Applies to all users and devices—even those inside the network perimeter.
- Becomes essential in cloud-based and hybrid environments where traditional boundaries no longer apply.
- Supports security posture improvement without a big budget by reducing reliance on perimeter-based defenses.
Why should businesses use a password manager?
- A password manager with multi-factor authentication (MFA) helps prevent credential theft.
- Detects exposed credentials on the dark web and reduces breach risk by up to 60% (IBM).
- Enables secure creation, storage, and management of passwords in a trusted platform.
- Platforms such as LastPass leverage zero-knowledge encryption strategies to ensure credentials are only decrypted on the user’s device.
- Supports zero trust architecture by enforcing strong identity controls.
- Plays a key role in any cybersecurity checklist aimed at reducing credential-related incidents.
How can I assess my company’s cybersecurity maturity?
Use the maturity model and resilience scoring index included in the playbook to:
- Evaluate your current security posture
- Identify areas for improvement
- Build a roadmap toward stronger cyber resilience
View source version on businesswire.com: https://www.businesswire.com/news/home/20251016364471/en/
Contacts
Media
press@lastpass.com