Why cyber risk is rising: 4 major trends
1. More digital = greater riskÂ
Nearly every business today relies on some sort of cloud software, automation tool, mobile app, AI-based service or connected device. Digitalization improves efficiency, but it also creates more entry points for attackers.Â
2. 5G connectivity accelerates productivity and risk
5G technology allows unprecedented connection between devices and systems. Logistics, warehousing, field service operations and remote teams all benefit from faster speeds and broader connectivity. But that same connectivity increases your attack surface. Criminals look to exploit any weak link in a network.Â
3. Your supply chain could expose youÂ
41% of businesses experienced an attack through a third-party partner in a single year, according to the World Economic Forum. Cybercriminals are increasingly targeting smaller suppliers to reach larger companies downstream.Â
Small businesses often act as the “digital doorway” for criminal entry because they work with bigger enterprises, they hold valuable access credentials and they often lack formal cybersecurity resources.Â
4. AI is making cybercrime faster, smarter and harder to detect
Criminals are getting more successful at using AI to automate attacks and impersonate real people. In one case from 2024, an employee at an enterprise company transferred $26 million to fraudsters after joining a video call filled with AI-generated “colleagues,” including a fake CFO.Â
As much as this sounds like science fiction, it’s all too real. And we’re still in the early stages of convincing AI-powered social engineering and deepfake fraud.Â
Why small businesses are especially vulnerable
Small businesses often believe they’re “too small to be noticed.” Unfortunately, the opposite is true: Attackers go where the “door” is unlocked — and they’re well aware of the common entry points in many small businesses.Â
The most vulnerable businesses:Â
- Don’t have dedicated IT departments
- Aren’t familiar with basic cybersecurity best practices
- Use outdated software
- Rely on unsecured networks or devices
- Don’t provide employee cybersecurity training
- Delay investing in security tools due to budget constraints
How to strengthen your cyber defenses: 5 practical steps for small businesses
Small businesses don’t need enterprise-level budgets to meaningfully reduce risk.Â
Here are a few actions that can have a real impact:Â
1. Train your employeesÂ
Employees are your biggest defense — but also your biggest risk. Many cyberattacks start with human error, like someone clicking a malicious link and sharing sensitive information.Â
Employee awareness training can reduce the likelihood that an attack will be successful. Train your employees on how to recognize phishing attacks, the importance of using strong passwords and how to add an extra layer of security to their actions, like verifying unusual requests and verbally confirming money transfers.
2. Use cybersecurity tools designed for small businesses
Take advantage of the many affordable tools that can help protect against cybercrime, like multi-factor authentication (MFA), endpoint protection software, password managers, encrypted backups and secure cloud storage. Many attacks succeed simply because basic protections were never activated.
3. Update your systems regularly
Running outdated software is another way small businesses leave themselves vulnerable. Attackers are constantly scanning for businesses that haven’t installed patches. Help keep your business safe by installing updates for all your tech tools and systems, from browsers and point-of-sale tools to operating and payment systems.Â
4. Evaluate your vendors and supply chain
Because your security is only as strong as the weakest link in your network, make sure your partners are using strong protections as well.Â
Every partner should confirm they use MFA and be able to explain how they protect your shared data and what will happen if their systems are compromised.Â
5. Have a response plan — before you need one
A prepared business recovers much faster — and with fewer losses. Have a plan in place if you’re attacked.Â
Your plan should include:Â
- Who to call
- How to disconnect affected systems
- How to access clean backups
- How to notify customers, if needed
- What your insurance covers
Why Cyber Liability insurance mattersÂ
Taking practical steps to ward off attackers is a smart move for small businesses. But so is investing in cyber insurance.Â
Without cyber insurance, the cost of a single cybercrime incident can devastate a small business with losses that could include:Â
- Lost revenue from downtime
- Costs to recover stolen or encrypted data
- Customer notification expenses
- Ransom payments
- Legal fees
- Reputational harm
- Business interruption for days or even weeks
With cyber liability coverage, small businesses can have protection from the financial impact of a broad range of cyber risks including data breaches, ransomware, outages and failures of their own systems and other covered digital threats.Â
