A new survey reveals that in the past year an estimated one-quarter of small business owners (SBOs) have been targeted by a scam that used generative AI, according Nationwide Insurance.
Those targeted reported tactics like email, voice or video impersonations of senior-level employees to scam their business.
More than half of SBOs (52 percent) also admit being personally fooled by a deepfake image or video in the past year, while 9 in 10 say gen AI scams are becoming more sophisticated and that they need help protecting their enterprises from such attacks.
Most SBOs agree the rise in gen AI technology makes them more inclined to purchase cyber insurance, less than half report actually having the necessary coverage.
“As gen AI continues to transform various industries, its misuse in scams presents a significant challenge for small businesses with less resources for cyber defense than larger corporations, making them easier targets for cyber criminals,” said Nathan Lentz, vice president of Small Commercial Sales and Distribution for Nationwide. “While small business owners feel prepared to prevent a cyber attack, they must ensure their preparedness is backed by comprehensive cyber insurance to truly safeguard their operations. Without it, they face potentially devastating consequences to their finances, operations and customer relationships.”
Though small businesses have come a long way with cybersecurity since the COVID pandemic, a catalyst for new ways to breach their systems, roughly 7 in 10 (69 percent) are worried about a potential cyber attack on their business – a 16-point increase from 2022 and 31-point jump from June 2020.
Two-thirds (65 percent) of SBOs feel prepared for preventing such an attack – up 17 points from 2022.
Of those surveyed, 71 percent provide formal cybersecurity training for employees at least once a year (another 15-point jump from 2022) and 36 percent send phishing test emails to employees at least every few months to keep them on their toes.
The survey found that nearly a quarter (23 percent) of SBOs report their business has been a victim to a cyber attack, and the vast majority say it jeopardized their company finances and had a moderate or major impact on their customers’ trust.
When asked about the possible impacts of a cyber attack on their business, SBOs overwhelmingly underestimated the scope of damage following a cyber breach, with 81 percent believing an attack on their business would cost less than $5,000 in damages and recovery costs, and another 1 in 5 (22 percent) believing they’d be back up and running in a month or less.
In contrast, Nationwide’s claims data indicates the average cyber claim for a small business costs $18,000-21,000 while the time for recovery can be as long as 75 days.
Two-thirds of SBOs (66 percent) are confident in their business’s ability to recover from an attack, a 9-point increase from ’22, but this confidence may be hubris with only 42 percent saying they have purchased cyber coverage, according to the survey.
Two-thirds (66 percent) report that they either expect their non-cyber coverage to kick in to cover losses from a cyber attack or that they haven’t taken the time to think about what they would do after an attack.
Further, 7 in 10 (69 percent) do report having an incident response plan in place for a potential cyber attack; however, these plans are only good when they’re kept up-to-date, and 3 in 10 (28 percent) admit their plan is outdated.
“The time for business owners to figure out how to navigate a data breach is not during the incident – that could be an expensive and potentially business-threatening lesson for owners to learn,” said Lentz. “Our research shows that three-quarters of agents (73 percent) say their commercial clients consider or purchase cyber insurance because they were either a victim to an attack or witnessed a similar business become a victim. As cyber threats continue to evolve, agents should encourage business owners to take proactive steps to protect their companies. Investing in the right insurance policies can not only mitigate the risks posed by cyber attacks but also ensure that recovery, when necessary, is faster, less costly and more efficient.”