Cyber criminals don’t just target large companies capable of paying multimillion-dollar ransoms; they can also target small and mid-size companies, especially if those companies lack sophisticated cyber security practices. As risks mount, cyber insurance is becoming increasingly important coverage for small businesses.
Small Businesses Underestimate Cyber Risks
Sole proprietors and small businesses may mistakenly believe that their operations are too small for cyber criminals to notice them.
Unfortunately, this is not the case. According to a survey conducted by Nationwide, 50 percent of U.S. business owners said their company has suffered at least one type of harmful cyber activity, such as a computer virus, phishing attack, ransomware, data breach or issues resulting from unpatched software.
Small businesses are particularly vulnerable because they often lack the sophisticated cyber security systems that larger companies have. Cyber criminals may target them simply because they are more vulnerable.
Cyberattacks Are Especially Hard on Small Businesses
When they suffer a cyberattack, small businesses may struggle to contain the damage and to recover. Sometimes, businesses feel pressured to pay ransoms to recover their data. Alternatively, they may lose large sums in payroll diversion, wire fraud or other bank-draining attacks. Even without these direct losses, cyberattacks may result in costly business interruption and expenses associated with data recovery, regulatory compliance and reputational damage.
Cyber insurance can help with these costs, but many small businesses lack coverage. In fact, the 2024 Travelers Risk Index survey found that 53 percent of small businesses lack cyber insurance, compared to 18 percent of mid-size businesses and 17 percent of large businesses.
Small businesses may also lack the cash reserves necessary to deal with the unexpected costs and operational disruption that a cyberattack brings. In some cases, businesses may not survive a large attack. For example, according to The Prep, the iconic New York City restaurant Gotham Restaurant had to close after losing $45,000 in a cyber scam. The owner initially hoped to reopen but was unable to do so.
AI Could Make Things Worse for Small Businesses
Cyber criminals already target small businesses, even if the payoffs are smaller, because they see small businesses as easier targets. Now, with AI making it easier to launch attacks, cyber criminals may be even more likely to target small businesses.
Cyber criminals can use generative AI tools to craft convincing phishing attacks with little effort. They can also leverage AI to automate cyberattacks. According to CrowdStrike, AI-powered algorithms can help with every aspect of phishing attacks, from identifying targets to writing personalized messages. Cyber criminals are also using AI to power ransomware attacks that identify system vulnerabilities and adapt over time.
The recent growth of AI tools puts all businesses at risk. Attacks won’t just become harder to detect and prevent; they’ll also become more common. This is already happening: the 2024 Phishing Intelligence Report from SlashNext found that email-based attacks increased by 202 percent in 2024.
Is your business ready for a cyberattack?
If a cyberattack targeted your small business, would you be able to prevent it – or at least minimize the impact?
Cyberattacks have become a fact of everyday life. Businesses shouldn’t simply hope they won’t be targets; instead, they need to assume that a cyber criminal will target them at some point and take steps to protect themselves. Consider the following questions:
- Are your computer systems as secure as possible? If not, you’re an easy target. It’s not safe to assume that cyber criminals won’t notice your business just because it’s small.
- Do you know how to avoid phishing attacks and malicious links? Keep in mind that AI-powered phishing messages are often highly personalized and convincing. Cyber criminals can even leverage voice cloning and deepfake technology to impersonate others. If you relied on bad grammar to spot phishing messages in the past, a more sophisticated attack could fool you.
- Do all your employees know how to avoid phishing attacks and malicious links? You’re only as strong as your weakest link. A cyber criminal just needs one employee to make one mistake.
- Does anyone untrustworthy have access to your systems? Dishonest employees and disgruntled former employees may be vectors for data breaches.
- Are your vendors prioritizing cyber security? Hackers often target vendors in order to do as much damage as possible.
- Would you be able to detect an attack quickly? The longer hackers have access to your system, the more damage they can do.
- Would you be able to continue business operations if your core systems were down? Consider how you would conduct essential operations and whether you have backup files.
- Do you have the resources needed to recover from a cyberattack? Even if you don’t pay a ransom or lose money in a scam, you could lose data, suffer systems damage, lose revenue and need to comply with data breach notification requirements.
How can small businesses protect themselves from cyberattacks?
With new and emerging technology, cyberattacks will only become more difficult to defend against and more severe. However, there are steps that small businesses can take to protect themselves.
- Use multifactor authentication. This is one of the simplest ways to keep your sensitive accounts secure and protect your business from cyber threats.
- Train your employees and yourself. As cyberattacks continue to evolve, you need to offer ongoing training to your workers. Make sure your entire team knows the tactics cyber criminals are using.
- Keep your operating systems and software up to date. Failing to apply updates and security patches in a timely manner leaves your system vulnerable to an attack.
- Back up your data regularly. If your data is compromised, a secure backup could help minimize the disruption to business operations.
- Maintain network security. This includes using antivirus software, firewalls, configurations that adhere to the principle of least privilege and security programs that monitor system intrusions or suspicious activity.
- Dedicate resources to cyber security. Cyber security needs to be a priority, with everyone on your team playing an active role in preventing attacks. In addition, it’s useful to have someone in charge of ensuring that your cyber policies are adequate for the latest threats. If you do not have sufficient internal resources to monitor for attacks and mitigate damage, consider contracting this service.
- Use resources designed for small businesses. For example, the Federal Trade Commission (FTC) has resources available for small businesses, and the Cybersecurity and Infrastructure Security Agency (CISA) has information for small and mid-size businesses.
- Secure cyber insurance. Even when you’re committed to cyber security, a successful cyberattack is possible. Cyber liability insurance can help mitigate the financial effects of an attack on your business.
Cyber Insurance Coverage for Small Businesses
Most businesses rely on computer systems in one way or another. As a result, they have cyber risks. This means that even small businesses can benefit from good cyber security practices and adequate cyber insurance coverage.
Higginbotham can help you review your cyber risks and insurance needs. Talk to one of our cyber insurance specialists to learn more.