SURVEY: One quarter of small business owners have been targeted by AI-driven scams
Business owners say fraudsters used tactics like email, voice or video impersonations of senior-level employees to scam their business
A new survey from Nationwide has found that roughly one-quarter of small business owners (SBOs) have been targeted by a scam that used generative AI in the past year. Of those targeted, most described the attacks as attempted fraud using email, voice or even video impersonations of other business owners or senior-level employees they associate with.
As a result, small business owners in the U.S. are highly concerned about cyberattacks that could bring their sales to a halt, with common cyber threats like ransomware, phishing and malware cited as their top concerns,
“As gen AI continues to transform various industries, its misuse in scams presents a significant challenge for small businesses with less resources for cyber defense than larger corporations, making them easier targets for cybercriminals,” said Nathan Lentz, vice president of Small Commercial Sales and Distribution for Nationwide. “While small business owners feel prepared to prevent a cyberattack, they must ensure their preparedness is backed by comprehensive cyber insurance to truly safeguard their operations. Without it, they face potentially devastating consequences to their finances, operations, and customer relationships.”
According to the survey, more than half of SBOs (52%) also admit being personally fooled by a deepfake image or video in the past year, while 9 in 10 say gen AI scams are becoming more sophisticated and that they need help protecting their enterprises from such attacks. Though most SBOs agree that the rise in gen AI technology makes them more likely to purchase cyber insurance, less than half report actually having the necessary coverage.
Nationwide’s survey also provided three key insights for commercial lines agents and their small business owner clients:
1. Small businesses have upped their cybersecurity game, but still need help safeguarding their digital infrastructure
Small businesses have come a long way with cybersecurity since the COVID pandemic, which a quarter of owners say was a catalyst for new ways to breach their systems. Roughly 7 in 10 (69%) are worried about a potential cyberattack on their business – a 16-point increase from 2022 and 31-point jump from June 2020.
Fortunately, two-thirds (65%) of SBOs feel prepared for preventing such an attack – up 17 points from 2022. It’s likely this confidence is due to the actions they’re taking to train workers to defend against cyberthreats:
71% provide formal cybersecurity training for employees at least once a year (another 15-point jump from 2022)
36% send phishing test emails to employees at least every few months to keep them on their toes.
However, many also may have learned their cyber lessons the hard way. Nearly a quarter (23%) of SBOs report their business has been a victim to a cyberattack and the vast majority say it jeopardized their company finances and had a moderate or major impact on their customers’ trust.
2. Business owners still vastly underestimate the cost and duration of recovery following an attack
When asked about the possible impacts of a cyberattack on their business, SBOs overwhelmingly underestimated the scope of damage a cyberbreach can bring:
81% believe an attack on their business would cost less than $5K in damages and recovery costs.
Another 1 in 5 (22%) believe they’d be back up and running in a month or less.
In reality, these events can be far more detrimental to a business than SBOs realize: according to Nationwide’s claims data, the average cyber claim for a small business costs $18,000-21,000 while the time for recovery can be as long as 75 days.
3. Owners’ confidence is high, but their plans are lagging – a risky disconnect
Two-thirds of SBOs (66%) are confident in their business’s ability to recover from an attack, a 9-point increase from ’22, but this confidence may be hubris with only 42% saying they have purchased cyber coverage – a critical backstop in the event of a malicious attack.
Perhaps most concerning, two-thirds (66%) report that they either expect their non-cyber coverages to kick in to cover losses from a cyberattack or that they haven’t taken the time to think about what they would do after an attack.
Further, 7 in 10 (69%) do report having an incident response plan in place for a potential cyberattack, however these plans are only good when they’re kept up-to-date and 3 in 10 (28%) admit theirs is outdated.
Don’t let clients lose their business to a deepfake
As clients rely more on technology and data, it’s crucial for agents to offer counsel on proactive steps they can take to protect their business from cyber criminals and bad actors.
Still, even the best efforts cannot prevent all attacks, which is why having an up-to-date incident response plan and cyber insurance is important to fall back on.
“The time for business owners to figure out how to navigate a data breach is not during the incident – that could be an expensive and potentially business-threatening lesson for owners to learn,” said Lentz. “Our research shows that three-quarters of agents (73%) say their commercial clients consider or purchase cyber insurance because they were either a victim to an attack or witnessed a similar business become a victim. As cyber threats continue to evolve, agents should encourage business owners to take proactive steps to protect their companies. Investing in the right insurance policies can not only mitigate the risks posed by cyberattacks but also ensure that recovery, when necessary, is faster, less costly, and more efficient.”
