U.S. businesses lost more than $27 billion in cybercrime from 2018-2023, and small businesses are a primary target, according to an FBI report on internet crime. Entrepreneurs and small business owners could benefit from training, cybercrime insurance coverage and the right resources to stay protected.
Read ahead to learn:
Cybercrime is defined as the criminal act of someone using computers or the internet to harm or steal from your company.
Imagine if someone breaks into your business email account, pretends to be you, then contacts your bank to add themselves as your payroll administrator. They start wiring your money away and it could be months before you notice.
The distressing scenario is a true story — and a growing number of incidents like these impact small businesses every day.
Cybercrime is rapidly increasing. More than $10 billion in losses happened in 2022, according to an FBI report on internet crime.
There’s evidence that cybercriminals are disproportionately targeting smaller businesses, says Julia Thompson, a senior marketing manager at leading cyber insurance provider Coalition.
“The unfortunate reality is that small businesses are seen as easy targets, because they often have limited resources or expertise to manage their technology and train their employees,” Thompson says.
The most common kind of cybercrime claim that Coalition received last year was a fraudulent transfer of funds, with an average loss of $210,000, according to Thompson.
“That’s a lot of money for any business, but especially for a small one,” Thompson says. “Just one incident can be a huge blow to a business’s balance sheet and can even be a business ending event.”
What can be done about digital criminal activity? We joined a discussion with Coalition’s experts to learn about the most common cyber threats and what can be done to prevent them.
One of the most common types of cybercrime attacks is wire transfer fraud. This is when a criminal sends your financial institution a fraudulent instruction that allows them to transfer your small business’ funds without your consent.
It’s “not necessarily the most sophisticated type of attack, but one that’s especially lucrative and generally pretty easy for cyber criminals to execute,” says Mike Volk, a cybersecurity expert and senior marketing manager at Coalition. “It looks legitimate to the bank, but the person making the transaction was not authorized, and it was fraudulent.”
Volk tells the story of one attacker who contacted the bank to add themselves as a payroll administrator. They were then able to wire away $125,000 before the small business owners found out.
As part of its incident response services, Coalition did a forensic investigation and found the small business had five more email accounts that had been compromised, says Dale Schulenberg, Coalition’s cyber claims leader.
“It could have been worse, but we were able to cut off access at that point,” Schulenberg says.
Social engineering preys on human vulnerability.
In the language of cyber insurance coverage, social engineering is defined as an attack from someone outside of your organization who tricks someone on your team into making a fraudulent transfer.
“What the fraudster will typically do is start to do research on your organization to figure out who your vendors are, who your suppliers are, who you normally do business with and process payments with,” says Volk. “On the other side, they’re going to actually do research on your organization to figure out who is internally responsible for processing and making payments.”
In one instance, a small business insured by Coalition was fooled into sending $6.4 million to a thief’s bank account. “They had an email chain with their investment advisor, and it had been compromised,” Schulenberg says.
One of the best ways to prevent this is training employees to double-check the source of any payment request, says Volk. “Make sure that if anybody ever asks to change payment instructions, it’s verified by a phone call, not by email.”
In invoice manipulation fraud, an attacker sneaks inside your small business’ systems and secretly tampers with the invoices you send out to customers. When your customers receive the manipulated invoices, they get fooled into sending their payments to the fraudster instead of you.
“The challenge here is that the business owner has no idea that this is happening. The fraudster has such a level of access that they’re deleting this stuff before the owner ever even sees it,” Volk says.
One of Coalition’s clients, a trailer manufacturer, was hit by invoice manipulation fraud while invoicing a known customer for a legitimate order. Unbeknownst to the trailer business, “their email had been compromised, so that invoice was intercepted and changed, and there were fraudulent wire details on there,” Schulenberg says.
As a result, the customer sent the money to the fraudster instead of the company.
Fortunately, the trailer company had cybercrime insurance coverage, which reimbursed them for the funds they couldn’t collect. That allowed the manufacturer to finish the job and deliver it to a happy customer.
Electronic theft is similar to the other types of cybercrime: An attacker gains access to your small business’ systems and uses the access to commit theft. In this scenario, the thief is stealing services your company pays for instead of money.
Insurance coverage for electronic theft can protect you even when thieves take something besides your business’ money. An attacker “can use that level of access to do things like steal property or change shipping information,” Volk says.
In service or telecom theft, a criminal could use their access to your systems to run pricey operations, like making internet phone calls.
“Another one that we hear a lot about these days is something like cryptojacking, where a criminal is actually spinning up virtual resources that can be pretty expensive,” Volk says.
What’s better than getting reimbursed when a cybercriminal attacks your small business? Preventing the attack.
When you protect your small business with cyber insurance through NEXT’s partnership with Coalition, you’re not just covered for financial loss. You also get the benefit of Coalition’s security services like cybercrime prevention training for you and your small business, 24/7 security monitoring tools and the help of Coalition’s expert response teams during an attack.
The concept is called “active insurance,” and the results speak for themselves.
“Our policyholders filed half as many claims as the industry average in 2022,” Volk says. “And when there were incidents reported by our policyholders, nearly half were handled at no cost to the business. This means it was totally free for the policyholder to get help addressing security issues, to get their business back up and running and even for us to claw back funds that were fraudulently transferred.”
Protect your business against common attacks like wire transfer fraud, social engineering, and electronic theft. NEXT and Coalition have partnered to bring small businesses cyber insurance coverage with industry-leading security services at no extra cost.
If you’re looking for more small business insurance options, consider: