Perhaps there was a time when being a small business meant flying under the radar, not worth a criminal’s trouble. But in today’s digital age, with criminals casting wide nets instead of fishing with precision hooks, size no longer provides safety. Technology has transformed the game, turning small businesses into likely victims of cybercriminals who scale attacks with tech. It’s like fishing with dynamite—quantity has a quality all its own. Now, AI-driven attacks sweep across vast digital seas, catching companies with and without small business cyber insurance off guard.
A recent survey conducted by Nationwide reveals just how vulnerable these businesses are. AI-driven scams targeted nearly a quarter of U.S. small business owners (SBOs) within the past year. These attacks have ranged from impersonations of senior employees to deepfake emails and videos designed to deceive, leaving many SBOs questioning the strength of their defenses against these evolving threats.
Our takeaway from the survey follows: You can get the full report here.
AI Scams
The study revealed that over half of SBOs (52%) personally fell for deepfake images or videos, highlighting the challenges of combating generative AI-powered fraud. Yet, despite the rising threat, only a fraction of SBOs have taken the necessary steps to secure cyber insurance, an essential defense against these attacks. While 90% of SBOs recognize the sophistication of AI scams and the need for better protection, less than half have adequate insurance coverage.
Nathan Lentz, vice president of Small Commercial Sales and Distribution at Nationwide, stressed the urgency of the situation. “Small businesses are now facing the same level of threat as larger companies, and while many feel they are prepared to prevent a cyberattack, that preparedness must be backed by robust cyber insurance. Without it, they risk severe financial consequences and damage to customer relationships.”
The survey provides three critical insights for SBOs and insurance agents:
Small businesses have improved cybersecurity but still need help.
Since the COVID-19 pandemic, small businesses have significantly strengthened their cybersecurity measures. The survey found that 69% of SBOs are concerned about potential cyberattacks—a 16-point increase from 2022. Additionally, 65% now feel prepared to prevent an attack, a rise that reflects an increase in employee training and phishing tests. Despite these efforts, nearly a quarter of SBOs have experienced a cyberattack, many resulting in financial loss and eroded customer trust.
SBOs underestimate the cost and time required for recovery.
Most SBOs underestimate the true cost of a cyberattack, with 81% believing the financial damage would be under $5,000. In reality, Nationwide’s claims data shows the average small business cyberattack costs between $18,000 and $21,000, with recovery periods stretching up to 75 days. This miscalculation of risk leaves many businesses unprepared for an attack’s financial and operational fallout.
Confidence is high, but concrete plans are lacking.
Two-thirds of SBOs express confidence in their ability to recover from a cyberattack, yet only 42% carry cyber insurance. Many SBOs mistakenly assume their non-cyber policies will cover the damage, exposing them to significant risk. Moreover, while 69% of SBOs report having an incident response plan, 28% admit their plans are outdated and insufficient to handle current threats. Lentz warns that small businesses could face devastating consequences without up-to-date response plans and comprehensive insurance.
While the challenges posed by AI-driven scams are daunting, interest in cyber insurance is growing. The survey found that 78% of SBOs are more likely to consider purchasing coverage in light of the rise of generative AI. For insurance agents, this represents an opportunity to engage their clients and offer critical advice on protecting their businesses.
As cybercriminals continue to innovate and target vulnerable businesses, it’s clear that small companies must take proactive steps, like cyber insurance, to safeguard their operations. With more advanced threats on the horizon, cyber insurance and up-to-date incident response plans are essential tools for ensuring survival in this new digital battlefield.
Other News: MoneyGram goes offline as it investigates cybersecurity problem.